Trojan in the tmp.edb file


offline
  • Joined: 09 Apr 2008
  • Posts: 66

For antivirus I have BitDefender Internet Security 2010. I'm happy with it, and just yesterday it found and removed a trojan in C:\Program data\Microsoft\search\data\applications\Windows\tmp.edb. Everything was fine until BitDefender started showing, at every startup of the PC, that I still have the same trojan and that it is deleting it. When I tried to delete the file "manually", it showed me this:
[screenshot; image requires forum login to view]


Should I ignore this or...?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

To start, follow the instructions -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 09 Apr 2008
  • Posts: 66

Posted: 16 Feb 2010 23:55

Here is BitDefender's message:
[screenshot; image requires forum login to view]

Update: 17 Feb 2010 0:00

Also, the instructions for opening a topic in the Ambulanta are clear to me, but I got very scared when, after running GMER, Windows crashed and the blue screen of death appeared. I couldn't go on by myself following your instructions :(

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Please read the instructions again.

The DDS log described in Step #2 is required;

Under Step #3 of the instructions you have the alternative tool RootRepeal described, in case GMER does not run stably.

offline
  • Joined: 09 Apr 2008
  • Posts: 66

Posted: 17 Feb 2010 0:24

Here is what DDS reported:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Tino at 0:16:43.85 on Wed 02/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1304 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Opera\opera.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\My Documents\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Host.exe [2008-3-12 181544]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-10-8 55808]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-1 3328]

=============== Created Last 30 ================

2010-02-16 22:48:05 298615994 ----a-w- c:\windows\MEMORY.DMP
2010-02-10 12:26:57 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 12:26:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:26:55 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 12:26:54 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 12:26:54 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 12:26:54 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 12:26:54 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 12:26:54 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 12:26:54 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-10 12:26:54 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-02 18:33:34 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-02-02 18:33:34 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-02-02 18:33:34 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-02-02 18:33:34 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-02-02 18:33:34 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-02-02 18:33:34 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-02-02 18:33:33 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-02-02 18:33:30 0 d-----w- c:\program files\VSO
2010-02-01 18:16:28 28 ----a-w- c:\windows\system32\'
2010-02-01 18:16:15 6016 ----a-w- c:\windows\system32\drivers\vnccom.SYS
2010-01-28 23:22:02 0 d-----w- c:\users\tino\appdata\roaming\UltraVNC
2010-01-28 22:36:36 0 d-----w- c:\program files\UltraVNC
2010-01-28 17:34:35 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-01-27 20:56:32 0 d-----w- c:\users\tino\appdata\roaming\DameWare Development
2010-01-27 20:53:20 710 ----a-w- c:\windows\install.bat
2010-01-27 12:28:46 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 12:28:46 2614272 ----a-w- c:\windows\explorer.exe
2010-01-24 23:10:34 0 d-----w- c:\programdata\ACD Systems
2010-01-24 23:10:21 0 d-----w- c:\program files\ACD Systems
2010-01-24 18:39:04 0 d-----w- c:\program files\Nero
2010-01-24 16:12:05 0 d-----w- c:\programdata\vsosdk
2010-01-24 01:44:41 0 d-----w- c:\program files\The KMPlayer
2010-01-22 16:59:47 87608 ----a-w- c:\users\tino\appdata\roaming\inst.exe
2010-01-22 16:59:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-22 16:59:47 47360 ----a-w- c:\users\tino\appdata\roaming\pcouffin.sys
2010-01-22 10:09:24 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 08:02:18 0 d-----w- c:\windows\system32\appmgmt
2010-01-21 08:00:53 0 d-----w- c:\users\tino\appdata\roaming\ACD Systems
2010-01-21 07:59:14 0 d-----w- c:\program files\common files\ACD Systems
2010-01-20 01:18:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-19 12:47:46 0 d-----w- C:\PFiles
2010-01-19 12:32:35 0 d-----w- c:\programdata\Adobe
2010-01-19 12:28:13 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-19 12:23:29 0 d-----w- c:\program files\common files\PX Storage Engine
2010-01-19 12:21:00 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-18 12:45:30 0 d-----w- c:\users\tino\appdata\roaming\TeamViewer
2010-01-18 12:45:00 0 d-----w- c:\program files\TeamViewer3
2010-01-18 12:42:50 0 d-----w- c:\users\tino\temp
2010-01-18 09:43:39 0 d-----w- c:\programdata\Real
2010-01-18 09:40:34 0 d-----w- c:\programdata\Apple Computer
2010-01-18 09:39:49 0 d-----w- c:\programdata\Apple
2010-01-18 09:36:24 0 d-----w- c:\program files\common files\xing shared
2010-01-18 09:36:07 0 d-----w- c:\program files\common files\Real
2010-01-18 09:32:01 0 d-----r- c:\program files\Skype
2010-01-18 09:31:57 0 d-----w- c:\programdata\Skype
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_spoof.sig
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_sign.slf
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_fuzzy.sig
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pc_sign.slf
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ab_sbl.sig

==================== Find3M ====================

2010-02-16 22:52:40 690716 ----a-w- c:\windows\system32\perfh015.dat
2010-02-16 22:52:40 132210 ----a-w- c:\windows\system32\perfc015.dat
2010-02-09 21:07:12 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-09 21:07:12 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-01-17 23:16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-19 11:23:38 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-07-19 11:23:38 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-07-19 11:23:38 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-07-19 11:23:37 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:19:01.98 ===============

[screenshot; image requires forum login to view]

Update: 17 Feb 2010 0:28

I have a problem with RootRepeal. It shows an error:
[screenshot; image requires forum login to view]
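A DDS report like the one above is normally read by eye, section by section. As an added example (my own code, not the DDS tool's and not anything posted in this thread), the Python script below parses the "Created Last 30" section into records and lists the entries a malware-removal helper typically checks first: executables or drivers created under a user profile, new kernel drivers, scripts dropped directly in the Windows directory, hidden files, and filenames with no alphanumeric characters. The sample log is an excerpt of the report posted above; the rule set and its wording are my own, and a hit means "compare this with what was installed or updated that day", not "this is malicious". On this log, for instance, several hits share a creation minute with a batch of other files, which is exactly the correlation a helper uses to clear them.

```python
"""Triage helper for the "Created Last 30" section of a DDS log.

Added example, not part of the DDS tool or of this thread. The sample below is
an excerpt of the log posted above; every listed entry means "look at this",
not "this is malicious".
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Tuple

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# date, time, size, 8-char attribute field, path (the path may contain spaces)
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")
EXEC_EXT = (".exe", ".sys", ".dll", ".bat", ".scr", ".com")

# Constructed sample: an excerpt of the DDS report posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe

=============== Created Last 30 ================

2010-02-16 22:48:05 298615994 ----a-w- c:\windows\MEMORY.DMP
2010-02-10 12:26:57 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-02 18:33:30 0 d-----w- c:\program files\VSO
2010-02-01 18:16:28 28 ----a-w- c:\windows\system32\'
2010-02-01 18:16:15 6016 ----a-w- c:\windows\system32\drivers\vnccom.SYS
2010-01-27 20:53:20 710 ----a-w- c:\windows\install.bat
2010-01-22 16:59:47 87608 ----a-w- c:\users\tino\appdata\roaming\inst.exe
2010-01-22 16:59:47 47360 ----a-w- c:\users\tino\appdata\roaming\pcouffin.sys
2010-01-20 01:18:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\wsbl.dat

==================== Find3M ====================

2010-02-16 22:52:40 690716 ----a-w- c:\windows\system32\perfh015.dat
"""


@dataclass
class DdsEntry:
    created: datetime
    size: int
    attrs: str  # DDS attribute field, e.g. "----a-w-", "d-----w-", "---ha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return ("." + self.name.rsplit(".", 1)[-1].lower()) if "." in self.name else ""


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '==== Title ====' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_entries(lines: List[str]) -> List[DdsEntry]:
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not a file entry; DDS occasionally prints notes in these sections
        date, time, size, attrs, path = m.groups()
        created = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        entries.append(DdsEntry(created, int(size), attrs, path))
    return entries


# My own review rules; each is a "check this" prompt, not a verdict.
RULES: List[Tuple[str, Callable[[DdsEntry], bool]]] = [
    ("executable or driver created under a user profile",
     lambda e: not e.is_dir and e.ext in EXEC_EXT and "\\users\\" in e.path.lower()),
    ("new kernel driver in system32\\drivers",
     lambda e: not e.is_dir and e.ext == ".sys" and "\\system32\\drivers\\" in e.path.lower()),
    ("script created directly in the Windows directory",
     lambda e: not e.is_dir and e.ext == ".bat"
     and bool(re.search(r"\\windows\\[^\\]+$", e.path.lower()))),
    ("filename with no alphanumeric characters",
     lambda e: not re.search(r"[A-Za-z0-9]", e.name)),
    ("hidden file", lambda e: not e.is_dir and e.hidden),
]


def triage(entries: List[DdsEntry]) -> List[Tuple[DdsEntry, str]]:
    """Return (entry, reason) for every rule an entry trips."""
    return [(e, reason) for e in entries for reason, hit in RULES if hit(e)]


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Parse a whole DDS report and return (path, reason) pairs from 'Created Last 30'."""
    entries = parse_entries(split_sections(text).get("Created Last 30", []))
    return [(e.path, reason) for e, reason in triage(entries)]


if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{reason:55} {path}")
```

Pass the full report text to triage_log to run it on a real log; the Find3M and Running Processes sections are parsed but not scored here, and the directory-only entries (such as the VSO or UltraVNC program folders) are what the hits should be compared against by date.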

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Sorry for the wait.

Are you having any other problems besides the AV detection you mentioned?
