MyCity » Ambulanta -> Arhiva Ambulante » Trojanac u tmp.edb file-u

Trojanac u tmp.edb file-u

Napisano na dan: 16.2.2010

Trojanac u tmp.edb file-u
Sledeća strana Pagination

Idi na vrh

Poslao: 16 Feb 2010 23:10
Idi na vrh
offline
  • Pridružio: 09 Apr 2008
  • Poruke: 66

Od antivirusnog programa ima Bit defender Intetrnet Security 2010. Zadovoljan sam s njime i bas mi je juce otkrio i uklonio trojanca u C: Program data/Microsoft/search/data/applications/Windows/tmp.edb. Sve je bilo u redu dok mi nije pri svakom paljenju PC-a, Bit Defender pokazivao da jos uvek imam istog trijanca i da ga on delete-uje. Kad sam probao da "rucno" izbrisem file, pokazao mi je ovo:
[Link mogu videti samo ulogovani korisnici]


Dali da to zanemarim ili....????



Poslao: 16 Feb 2010 23:38
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pozdrav.

Za početak isprati uputstvo -> [Link mogu videti samo ulogovani korisnici]



Poslao: 17 Feb 2010 00:00
Idi na vrh
offline
  • Pridružio: 09 Apr 2008
  • Poruke: 66

Napisano: 16 Feb 2010 23:55

Evo poruke Bit Defender-a:
[Link mogu videti samo ulogovani korisnici]

Dopuna: 17 Feb 2010 0:00

Inace, jasno mi je uputstvo za postavljanje teme u ambulanti, ali sam se veoma uplasio kada mi je posle pokretanja GMER-a puko windows i pojavio se plavi ekran smrti. Ne bih mogo dalje sam po vasem uputstvu:(

Poslao: 17 Feb 2010 00:12
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Hajde ponovo pročitaj uputstvo.


Potreban DDS log opisan u Korak#2;

U uputstvu pod Korak#3 imaš opisan alternativni alat RootRepeal ukoliko Gmer ne radi stabilno.

Poslao: 17 Feb 2010 00:28
Idi na vrh
offline
  • Pridružio: 09 Apr 2008
  • Poruke: 66

Napisano: 17 Feb 2010 0:24

Evo poruke DDS-a:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Tino at 0:16:43.85 on Wed 02/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1304 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Opera\opera.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\My Documents\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Host.exe [2008-3-12 181544]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-10-8 55808]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-1 3328]

=============== Created Last 30 ================

2010-02-16 22:48:05 298615994 ----a-w- c:\windows\MEMORY.DMP
2010-02-10 12:26:57 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 12:26:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:26:55 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 12:26:54 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 12:26:54 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 12:26:54 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 12:26:54 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 12:26:54 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 12:26:54 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-10 12:26:54 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-02 18:33:34 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-02-02 18:33:34 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-02-02 18:33:34 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-02-02 18:33:34 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-02-02 18:33:34 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-02-02 18:33:34 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-02-02 18:33:33 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-02-02 18:33:30 0 d-----w- c:\program files\VSO
2010-02-01 18:16:28 28 ----a-w- c:\windows\system32\'
2010-02-01 18:16:15 6016 ----a-w- c:\windows\system32\drivers\vnccom.SYS
2010-01-28 23:22:02 0 d-----w- c:\users\tino\appdata\roaming\UltraVNC
2010-01-28 22:36:36 0 d-----w- c:\program files\UltraVNC
2010-01-28 17:34:35 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-01-27 20:56:32 0 d-----w- c:\users\tino\appdata\roaming\DameWare Development
2010-01-27 20:53:20 710 ----a-w- c:\windows\install.bat
2010-01-27 12:28:46 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 12:28:46 2614272 ----a-w- c:\windows\explorer.exe
2010-01-24 23:10:34 0 d-----w- c:\programdata\ACD Systems
2010-01-24 23:10:21 0 d-----w- c:\program files\ACD Systems
2010-01-24 18:39:04 0 d-----w- c:\program files\Nero
2010-01-24 16:12:05 0 d-----w- c:\programdata\vsosdk
2010-01-24 01:44:41 0 d-----w- c:\program files\The KMPlayer
2010-01-22 16:59:47 87608 ----a-w- c:\users\tino\appdata\roaming\inst.exe
2010-01-22 16:59:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-22 16:59:47 47360 ----a-w- c:\users\tino\appdata\roaming\pcouffin.sys
2010-01-22 10:09:24 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 08:02:18 0 d-----w- c:\windows\system32\appmgmt
2010-01-21 08:00:53 0 d-----w- c:\users\tino\appdata\roaming\ACD Systems
2010-01-21 07:59:14 0 d-----w- c:\program files\common files\ACD Systems
2010-01-20 01:18:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-19 12:47:46 0 d-----w- C:\PFiles
2010-01-19 12:32:35 0 d-----w- c:\programdata\Adobe
2010-01-19 12:28:13 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-19 12:23:29 0 d-----w- c:\program files\common files\PX Storage Engine
2010-01-19 12:21:00 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-18 12:45:30 0 d-----w- c:\users\tino\appdata\roaming\TeamViewer
2010-01-18 12:45:00 0 d-----w- c:\program files\TeamViewer3
2010-01-18 12:42:50 0 d-----w- c:\users\tino\temp
2010-01-18 09:43:39 0 d-----w- c:\programdata\Real
2010-01-18 09:40:34 0 d-----w- c:\programdata\Apple Computer
2010-01-18 09:39:49 0 d-----w- c:\programdata\Apple
2010-01-18 09:36:24 0 d-----w- c:\program files\common files\xing shared
2010-01-18 09:36:07 0 d-----w- c:\program files\common files\Real
2010-01-18 09:32:01 0 d-----r- c:\program files\Skype
2010-01-18 09:31:57 0 d-----w- c:\programdata\Skype
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_spoof.sig
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_sign.slf
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_fuzzy.sig
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\pc_sign.slf
2010-01-18 09:21:25 0 ----a-w- c:\windows\system32\ab_sbl.sig

==================== Find3M ====================

2010-02-16 22:52:40 690716 ----a-w- c:\windows\system32\perfh015.dat
2010-02-16 22:52:40 132210 ----a-w- c:\windows\system32\perfc015.dat
2010-02-09 21:07:12 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-09 21:07:12 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-01-17 23:16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-19 11:23:38 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-07-19 11:23:38 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-07-19 11:23:38 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-07-19 11:23:37 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:19:01.98 ===============

[Link mogu videti samo ulogovani korisnici]

Dopuna: 17 Feb 2010 0:28

Imam problem sa RootRepeal-om. Pokazuje eror:
[Link mogu videti samo ulogovani korisnici]

Poslao: 17 Feb 2010 22:56
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Izvini na čekanju.


Da li ti se javljaju još neki problemi sem ove detekcije AV-a koju si naveo?

MyCity » Ambulanta -> Arhiva Ambulante » Trojanac u tmp.edb file-u

Ko je trenutno na forumu
 

Ukupno su 2956 korisnika na forumu :: 82 registrovanih, 3 sakrivenih i 2871 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Abebe Bikila, Acivi, amaterSRB, Arhiv, Asteker, bavar357, berste23, bobomicek, boj.an, bukefal, Carl Gustaf, cenejac111, Cirkon, Daba75, Dejan_vw, Demi87, Dimitrise93, djboj, Dorcolac, drimer, Drugsparrow, Dusko_Dugousko, Džekson, gaga23, Georgius, goran.vvv, ivicasimo, Ivoo, jalos, Jeremiah, Joksss, Još malo pa deda, K a s p e r, kalens021, kolateralnasteta, Krajišnik97, Kruger, Lazarus, Lep1na, ljubo70, Macalone, mayorlany, Medojed, mercedesamg, MiGac, mikhailo, Milos ZA, nebkv, nixos, opt1, orfanel, ozzy, pavle_pzs, Pekman, Petarvu, Piicoki, Radula, Ravac, redstar011, redstar72, repac, rovac, S2M, sekretar, Semprini, smuk, stegonosa, they live, Tvrtko I, vidra1, virked, vlad4, Vlado82, Voice1, Vrač, vrgudinac, wolverined4, Wrangler, Zastava, zoran77, Zukov, Zvonkozvonko