Trojan and rootkit

  • Joined: 06 May 2008
  • Posts: 12

I couldn't finish the scan with ComboFix because the blue screen appeared again, like last night, and I had to restart the computer.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file: C:\WINDOWS\system32\user32.dll

Upload link: http://www.mycity.rs/ambulanta-upload.php



-------------------------------------------------------------------------------------



Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into some folder.

Double-click gmer.exe to start it: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Save ... button at the bottom and save that file somewhere.


Attach the saved file to your post (use the Attach file option).

Addendum: 08 May 2008 19:44

Question: do you have a Windows installation CD?

  • Joined: 06 May 2008
  • Posts: 12

I'm downloading gmer, haven't finished yet, and I do have the CD.

Addendum: 08 May 2008 20:35

This is the saved scan from gmer.exe. I had to restart the computer again, but on the second try I managed to finish the scan.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Judging by the uploaded file, it looks like ComboFix did manage to do what it needed to after all.


The logs contain traces of an infection that spreads via USB flash drives, so if you have any, you need to plug them in during the following procedure.


Download the program Flash_Disinfector.

the program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so, to avoid autoplay)
click OK and wait for the process to finish
when the Done !! message appears, click OK.



Download the following file to the Desktop:

Double-click it and, in the prompt that appears, click Yes.



-------------------------------------------------------------------------------------



We'll try scanning with CF once more, but before that make the following change in avast!:

avast! settings... under Troubleshooting: tick Disable avast! self-defense module.

Run ComboFix and post the log if the scan succeeds.



Question: is it a problem for you to download about ten MB? I'd like us to run a scan with one AV program.

  • Joined: 06 May 2008
  • Posts: 12

If you're asking whether I have that USB device for transferring data that plugs into the computer, I don't, so I don't know if I need to run that flash program, but I'll download whatever is needed.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, that's what I mean. Do the Flash_Disinfector part anyway (it's a very short procedure).

  • Joined: 06 May 2008
  • Posts: 12

I did everything with Flash Disinfector. Should I revert the setting I changed in avast, or leave it? Here is the log file too.

ComboFix 08-05-01.3 - irina 2008-05-08 21:26:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.84 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\windf.EXE
C:\WINDOWS\system32\drivers\windf.hlp
C:\WINDOWS\xmg.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-08 20:14 . 2008-05-08 20:20 250 --a------ C:\WINDOWS\gmer.ini
2008-05-07 22:57 . 2008-05-07 23:04 <DIR> d-------- C:\Documents and Settings\irina\Application Data\MiniDm
2008-05-06 23:36 . 2008-05-06 23:36 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-06 23:36 . 2008-05-07 22:58 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-05-06 23:36 . 2008-05-06 23:36 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-06 23:02 . 2008-05-06 23:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 21:48 . 2008-05-06 22:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-06 18:49 . 2008-05-07 15:38 <DIR> d-------- C:\Documents and Settings\irina\Application Data\IEPro
2008-05-06 18:48 . 2008-05-06 18:49 <DIR> d-------- C:\Program Files\IEPro
2008-05-06 16:58 . 2008-05-06 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 20:44 . 2008-05-05 20:44 <DIR> d-------- C:\Program Files\Common Files\Raxco
2008-05-05 20:15 . 2008-05-05 20:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-05 19:49 . 2008-05-05 19:49 <DIR> d-------- C:\Documents and Settings\irina\.housecall6.6
2008-05-04 20:40 . 2008-05-04 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-04-28 16:56 . 2008-04-29 12:03 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\IE7Pro
2008-04-13 19:57 . 2005-11-01 09:52 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-04-13 19:57 . 2005-11-01 09:52 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-04-13 19:57 . 2005-11-01 09:52 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 19:25 --------- d-----w C:\Documents and Settings\irina\Application Data\OnlineArmor
2008-05-08 19:20 --------- d-----w C:\Program Files\FlashGet
2008-05-08 19:16 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-05-06 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\GoBit Games
2008-05-06 16:48 --------- d-----w C:\Program Files\IE7Pro
2008-05-05 18:44 --------- d-----w C:\Program Files\Raxco
2008-04-05 17:12 --------- d-----w C:\Documents and Settings\irina\Application Data\IE7Pro
2007-10-24 16:01 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2005-11-01 10:55 502272 847c91b55752adee4cb76b8252ee5691 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-06_23.30.43.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 21:20:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 19:23:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-04-25 13:08:36 2,233,944 ----a-w C:\WINDOWS\Downloaded Program Files\msi.1.0.0.8.dll
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-08 18:14:34 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2005-11-01 08:52:56 1,852,928 ----a-w C:\WINDOWS\system32\dllcache\acgenral.dll
+ 2004-08-03 22:56:42 450,048 ----a-w C:\WINDOWS\system32\dllcache\aclayers.dll
+ 2004-08-03 22:56:42 244,736 ----a-w C:\WINDOWS\system32\dllcache\acspecfc.dll
+ 2004-08-03 22:56:42 116,224 ----a-w C:\WINDOWS\system32\dllcache\acxtrnal.dll
+ 2004-08-03 22:56:48 98,304 ----a-w C:\WINDOWS\system32\dllcache\ahui.exe
+ 2004-08-03 22:56:42 126,976 ----a-w C:\WINDOWS\system32\dllcache\apphelp.dll
+ 2008-05-08 18:14:34 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-05-08 19:24:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_57c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 23:10 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-24 14:30 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-11-01 10:56 90112 C:\WINDOWS\SOUNDMAN.EXE]
"MagUninstall"="C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe" [ ]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-04 02:38 4803136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:56 388608 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 00:56 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-04 02:38 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 01:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-03 09:40]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 01:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 02:30:01 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-08 16:18:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9504676A-6C34-4D3A-B2E5-9943296C7447}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-08 21:29:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 21:31:36
ComboFix-quarantined-files.txt 2008-05-08 19:31:31
ComboFix2.txt 2008-05-07 19:40:58
ComboFix3.txt 2008-05-06 21:32:49

Pre-Run: 34,437,558,272 bytes free
Post-Run: 34,448,900,096 bytes free

139 --- E O F --- 2008-05-08 17:01:30
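As an added illustration (not code from the thread, from ComboFix or from the helper), here is a small Python parser for the "Reg Loading Points" section of ComboFix logs like the one posted above; it collects every autostart entry and flags the ones a reviewer checks first: entries whose file details are empty, bare executable names (which ComboFix shows resolved to a path, as with "cmd.exe" above) and RunOnce entries. The sample log is a constructed excerpt in the same layout, and the reading of an empty "[ ]" as "no file found at that path" is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the ComboFix logs posted in this thread
# (the "Reg Loading Points" section, REGEDIT4 style). Assumption: an empty
# "[ ]" means ComboFix found no file at the referenced path.
SAMPLE_LOG = r"""
((((( Reg Loading Points )))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-01 10:56 90112 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:56 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-04 02:38 633344]
"""

# One autostart line: "name"="target" [file details]  (quotes around target optional)
ENTRY_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*\[([^\]]*)\]$')


@dataclass
class Autostart:
    key: str     # registry key the entry lives under
    name: str    # value name
    target: str  # command or path stored in the registry value
    info: str    # ComboFix file details: "date time size [resolved path]", or "" if none


def parse_autostarts(log_text):
    """Collect every autostart entry (a line ending in a [file details] block)
    together with the registry key it was listed under."""
    entries, key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header such as [HKEY_...\Run]
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, target, info = m.groups()
            entries.append(Autostart(key, name, target.strip(), info.strip()))
    return entries


def review(entries):
    """Return (entry, reason) pairs for the entries a log reviewer checks first."""
    findings = []
    for e in entries:
        if e.info == "":
            findings.append((e, "no file details: target not found on disk (stale entry or removed file)"))
        elif "\\" not in e.target:
            # A bare name is resolved through the search path at logon; ComboFix
            # shows which file it resolved to, and that file is what to verify.
            parts = e.info.split(None, 3)
            resolved = parts[3] if len(parts) > 3 else "?"
            findings.append((e, f"bare executable name, resolved to {resolved}"))
        if "runonce" in e.key.lower():
            findings.append((e, "RunOnce entry: runs at the next logon and is then deleted"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(parse_autostarts(SAMPLE_LOG)):
        print(f"{entry.name:14} {entry.target:45} {reason}")
```

Run it against a full log by reading the file into parse_autostarts; entries outside the autostart section (firewall lists, dword values) do not match the line pattern and are skipped.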

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The last log looks fine...


Leave the avast! setting as it is for now.

Here's the plan... You'll run a scan with Dr.Web CureIt (now or tomorrow, as you prefer) and then tomorrow afternoon (or later, when you get to it) post the Dr.Web scan log and a new ComboFix log (the last one, I hope :)).



Download Dr.Web CureIt (~10 MB).
Temporarily disable your antivirus

Double-click cureit.exe to run it; an introductory window will appear - click Start

A notice about the start of the preliminary scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to let the program disinfect

Click Options > Change settings F9; in the window that opens, untick the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click, and Dr.Web CureIt will begin the scan

If malware is found, click the Yes to All button in the window that appears to let the program disinfect

When the scan is finished, click the Select all button (if it is available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is complete, click File > Save report list and save the log on the Desktop


Copy the contents of the Dr.Web CureIt log into the forum thread (or attach it to your post).

  • Joined: 06 May 2008
  • Posts: 12

This is the report list from the DrWeb scan, and here is the ComboFix log file too. One question: what is a good spyware program that can be downloaded from the net? I had Lavasoft, but it caused me problems, so I haven't had any antispyware program for a long time.

ComboFix 08-05-01.3 - irina 2008-05-09 19:08:03.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.85 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 16:18 . 2008-05-09 19:05 <DIR> d-------- C:\Documents and Settings\irina\DoctorWeb
2008-05-08 20:14 . 2008-05-08 20:20 250 --a------ C:\WINDOWS\gmer.ini
2008-05-07 22:57 . 2008-05-07 23:04 <DIR> d-------- C:\Documents and Settings\irina\Application Data\MiniDm
2008-05-06 23:36 . 2008-05-06 23:36 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-06 23:36 . 2008-05-07 22:58 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-05-06 23:36 . 2008-05-06 23:36 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-06 23:02 . 2008-05-06 23:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 21:48 . 2008-05-06 22:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-06 18:49 . 2008-05-07 15:38 <DIR> d-------- C:\Documents and Settings\irina\Application Data\IEPro
2008-05-06 18:48 . 2008-05-06 18:49 <DIR> d-------- C:\Program Files\IEPro
2008-05-06 16:58 . 2008-05-06 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 20:44 . 2008-05-05 20:44 <DIR> d-------- C:\Program Files\Common Files\Raxco
2008-05-05 20:15 . 2008-05-05 20:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-05 19:49 . 2008-05-05 19:49 <DIR> d-------- C:\Documents and Settings\irina\.housecall6.6
2008-05-04 20:40 . 2008-05-04 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-04-28 16:56 . 2008-04-29 12:03 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\IE7Pro
2008-04-13 19:57 . 2005-11-01 09:52 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-04-13 19:57 . 2005-11-01 09:52 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-04-13 19:57 . 2005-11-01 09:52 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-04-13 19:57 . 2005-11-01 09:52 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 17:06 --------- d-----w C:\Program Files\FlashGet
2008-05-09 11:59 --------- d-----w C:\Documents and Settings\irina\Application Data\OnlineArmor
2008-05-08 19:16 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-05-06 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\GoBit Games
2008-05-06 16:48 --------- d-----w C:\Program Files\IE7Pro
2008-05-05 18:44 --------- d-----w C:\Program Files\Raxco
2008-04-05 17:12 --------- d-----w C:\Documents and Settings\irina\Application Data\IE7Pro
2007-10-24 16:01 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2005-11-01 10:55 502272 847c91b55752adee4cb76b8252ee5691 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-06_23.30.43.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 21:20:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 11:51:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-04-25 13:08:36 2,233,944 ----a-w C:\WINDOWS\Downloaded Program Files\msi.1.0.0.8.dll
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-08 18:14:34 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2005-11-01 08:52:56 1,852,928 ----a-w C:\WINDOWS\system32\dllcache\acgenral.dll
+ 2004-08-03 22:56:42 450,048 ----a-w C:\WINDOWS\system32\dllcache\aclayers.dll
+ 2004-08-03 22:56:42 244,736 ----a-w C:\WINDOWS\system32\dllcache\acspecfc.dll
+ 2004-08-03 22:56:42 116,224 ----a-w C:\WINDOWS\system32\dllcache\acxtrnal.dll
+ 2004-08-03 22:56:48 98,304 ----a-w C:\WINDOWS\system32\dllcache\ahui.exe
+ 2004-08-03 22:56:42 126,976 ----a-w C:\WINDOWS\system32\dllcache\apphelp.dll
+ 2008-05-08 18:14:34 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-05-09 11:52:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 23:10 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-24 14:30 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-11-01 10:56 90112 C:\WINDOWS\SOUNDMAN.EXE]
"MagUninstall"="C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe" [ ]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-04 02:38 4803136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:56 388608 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 00:56 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-04 02:38 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 01:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-03 09:40]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 01:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 02:30:01 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-08 16:18:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9504676A-6C34-4D3A-B2E5-9943296C7447}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-09 19:10:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 19:13:04
ComboFix-quarantined-files.txt 2008-05-09 17:12:46
ComboFix2.txt 2008-05-08 19:31:37
ComboFix3.txt 2008-05-07 19:40:58
ComboFix4.txt 2008-05-06 21:32:49

Pre-Run: 34,707,771,392 bytes free
Post-Run: 34,705,457,152 bytes free

135 --- E O F --- 2008-05-09 17:05:41

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Clean log...


Delete the folder: C:\Documents and Settings\irina\DoctorWeb



And, how are things now? Is the AV detecting anything? Is the computer still restarting? Anything else you think you should mention?
