|
Poslao: 26 Jul 2007 20:14
|
offline
- Dubara
- Prijatelj foruma
- Pridružio: 26 Jul 2007
- Poruke: 1079
- Gde živiš: u blizini
|
Ne mogu da preuzmem gmer.zip sa tog linka, desava se isto kao kada pokusavam da otvorim nesto iz attachmenta ili kao sto sam opisao sa Hijack This.
Download još i ne krene a dobijam upozorenje pri dnu prozora: “While files from the internet can be useful, some files can potentially harm your comuter. If you do not trust the source, do not open or save this file.” Lijevo je onaj prepoznatljivi windows štit Security centra. U Control panelu Firewall je ukljucune kao i Automatic Update i Virus Protection.
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 20:25
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Zar se tu ne pojavljuje mogucnost da ipak preuzmes program?
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 20:25
|
offline
- Dubara
- Prijatelj foruma
- Pridružio: 26 Jul 2007
- Poruke: 1079
- Gde živiš: u blizini
|
U medjuvremenu u Toolbarsu pojavila se ikona Google Desktop Search koju nisam tražio. Vrši update i to je uradio skoro 40 procenata. Neznam da li to ima veze s ovim sto radimo?
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 20:30
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
To si imao instalirano od ranije. Mozda ti taj update oduzima dobar deo konekcije, pa ti zato ne ide download ovih ostalih stvari.
Sacekaj dok se to zavrsi, pa da vidimo onda sta se desava.
Pitanje: kada pokusas download, osim te poruke, jel se gore (ispod polja za upis adrese nekog sajta) javlja i zuta traka u kojoj isto opominje na download?
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 20:58
|
offline
- Dubara
- Prijatelj foruma
- Pridružio: 26 Jul 2007
- Poruke: 1079
- Gde živiš: u blizini
|
Krenulo je....skeniranje je u toku sa gmer.exe
Odgovor: ranije sa downloadom nije bilo problema. Ispod polja za upis adrese u exploreru nije bilo zute trake. Klasicni je Toolbars.
Dopuna: 26 Jul 2007 20:57
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-26 20:57:59
Windows 5.1.2600 Service Pack 2
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe[1208] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
---- Devices - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9A9E5A4] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F9AA16BE] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F9AA1A5A] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F9A9E52C] avgntmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F9A9E52C] avgntmgr.sys
---- EOF - GMER 1.0.13 ----
Dopuna: 26 Jul 2007 20:58
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-07-26 21:02:56
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\atievxx.exe
gupdate /*Google Update Service*/@ = "C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe" /svc
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@CAPONC:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE = C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
@avgnt"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
@AttuneClientEngineC:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe /*file not found*/ = C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe /*file not found*/
@PCSuiteTrayApplicationC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
@RavTimeXPC:\WINDOWS\Mstray.exe /*file not found*/ = C:\WINDOWS\Mstray.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background g = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background g
@MSMSGS"C:\Program Files\Messenger\MSMSGS.EXE" /background = "C:\Program Files\Messenger\MSMSGS.EXE" /background
@Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Universal Plug and Play Devices*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll /*file not found*/ = C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll /*file not found*/
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll
@{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll = C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://home.sweetim.com = http://home.sweetim.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.ba/ = http://www.google.ba/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37E5647D-7E6C-4BDD-BD56-580826564AAB} /*Local Area Connection*/ >>>
@IPAddress192.168.1.5 = 192.168.1.5
@NameServer =
@DefaultGateway =
@Domain =
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Canon LBP-800 Status Window.LNK = Canon LBP-800 Status Window.LNK
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk
---- EOF - GMER 1.0.13 ----
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 21:02
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Jesi li instalirao neki program za vreme dok je GMER skenirao?
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 21:08
|
offline
- Dubara
- Prijatelj foruma
- Pridružio: 26 Jul 2007
- Poruke: 1079
- Gde živiš: u blizini
|
Nisam nista instalirao...brisao sam sa desktopa dokumente koji su bili visak, mešu njima i zip fajl Aveo koji sam poslao. Bila mi je otvoren jedan sajt www.fokus.ba i nista vise.... Ako je potrebno ponoviću proces?
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 21:12
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Odradi jednu potragu za fajlovima ikernel.exe i ShimEng.dll i uploaduj mi ih preko one forme preko koje si uploadovao i onaj ZIP.
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 21:28
|
offline
- Dubara
- Prijatelj foruma
- Pridružio: 26 Jul 2007
- Poruke: 1079
- Gde živiš: u blizini
|
Poslao sam dva ikernell.exe a pronsao sam cetiri ShimEng.dll Identicne nazive imaju (tri su po 64 kb a jedan 59) Poslao sam jedan od 64 i ovaj od 59 kb.
|
|
|
|
|
|
|
Poslao: 26 Jul 2007 21:40
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
ikernel.exe nisi izgleda nasao. Poslao si mi Prefetch (*.pf) fajlove, meni trebaju EXE fajlovi.
ikernel treba da je negde u C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\
U sustini, to bi trebao da je legitiman fajl, ali nisam nacisto zasto se pojavio u GMER logu. To je deo Install Shield instalera, i pokrece se kada pokreces instalacije programa.
Ajde napravi novi log tog Rootkit taba u GMERu, da vidimo da li ce ponovo da se pojavi.
Osimo toga, ja ne vidim nista cudno u ostatku logova.
|
|
|
|
|
|
