Rootkit problem

  • Joined: 26 Feb 2011
  • Posts: 164

I hope there is nothing there. As far as I noticed, there isn't...



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Dimitrije at 14:43:55 on 2011-06-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1332 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97D69B6F-5FE6-455F-9758-1CE371667471} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-27 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-27 42184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 ClientService;COMODO Time Machine Client Service;d:\program files\comodo\time machine\clientservice.exe --> d:\program files\comodo\time machine\ClientService.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== Created Last 30 ================
.
2011-06-27 08:32:24 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-27 08:32:23 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-27 08:31:53 40112 ----a-w- c:\windows\avastSS.scr
2011-06-27 08:31:50 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 08:31:50 -------- d-----w- c:\program files\AVAST Software
2011-06-27 08:21:38 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2011-06-26 21:05:05 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-06-26 21:05:05 13824 ----a-w- c:\windows\system32\slwga.dll
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 14:44:35.14 ===============








  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

The reports show that the MBR is the one that belongs to the operating system itself.
The detection is gone. There are no traces of malware.
Your PC is clean.

You can delete the programs that were used.



  • Joined: 26 Feb 2011
  • Posts: 164

Ahh, thank God, finally... Thank you for the help...
