|
Poslao: 06 Dec 2011 14:10
|
offline
- jhoni01
- Građanin
- Pridružio: 15 Sep 2010
- Poruke: 73
- Gde živiš: Pancevo
|
Jutros,kada sam upalio komp,posle par minuta,avast izbaci da je pronadjen rootkit,i da je preporucljivo da obrisem,i ja stisnem obrisi,i trazio mi je boot scan,ja skeniram,i nadje mi samo ono sto je bilo u mc shield-u(karantinu),i kad se sistem podigao,opet mi je posle par minuta,izbacio to. I ja ponovo isto uradim,samo sto sada nista nije nasao,i desi mi se treci put,ali sada nisam isao na boot scan.
Evo slike avast-a,i DDS loga.
Izvinjavam se na losoj slici.
Koristio sam ranije combofix,i ne znam da li treba opet njega da pokrecem,i imam neku skriptu za njega,ali ne znam da li se uvek ista skripta koristi,ili ima i nekih drugih?
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by NIDzA at 13:51:51 on 2011-12-06
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [<NO NAME>]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [<NO NAME>]
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 87.250.33.21 87.250.33.22
TCP: Interfaces\{1D1866C4-0864-4E0F-86E0-2FE8D3C1654E} : DhcpNameServer = 87.250.33.21 87.250.33.22
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nidza\application data\mozilla\firefox\profiles\fi8imcah.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\nidza\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\nidza\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\program files\veetle\player\npvlc.dll
FF - plugin: d:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Firewall;avast! Firewall
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? GUCI_AVS;Generic USB Controller Interface (AVS)
S? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine
S? kbfilter;Keyboard Filter Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? UsbFltr;WayTechUSBFilterDriver
.
=============== Created Last 30 ================
.
2011-12-03 10:45:37 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-12-03 10:45:11 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-12-03 10:44:57 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 11:00:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:55:54,88 ===============
mycity.rs/must-login.png
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 14:47
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Pozdrav.
Isprati uputstvo do kraja, znaci potrebni su nam i Gmer logovi i Attach log od DDS-a.
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 18:28
|
offline
- jhoni01
- Građanin
- Pridružio: 15 Sep 2010
- Poruke: 73
- Gde živiš: Pancevo
|
Izvinjavam se sto tek sada odgovaram,imao sam jos nekih obaveza,a i scan gmera se oduzio,posto nisam izgleda sacuvao atach od prvog skeniranja sa dds-om,odradio sam ponovo skeniranje,i ako nema veze,evo vam atach log,i logovi od gmera.
Ne znam da li ima neke veze,ali kada sam trebao da uradim drugi postupak gmera,nije mi ponudio save,nego samo scan i copy,i isao sam na copy, pa u notepad sacuvao.
Ako nesto nije dobro,uradicu ponov scan,samo sto ce potrajati.
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
|
|
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 19:00
|
offline
- jhoni01
- Građanin
- Pridružio: 15 Sep 2010
- Poruke: 73
- Gde živiš: Pancevo
|
Jeste,azuriran je,bas pise isto kao kod tebe. tj. na slici.
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 19:02
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Ako si izvrsio Azuriranje, potrebno je restartovati sistem.
Javi stanje posle ovoga.
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 19:05
|
offline
- jhoni01
- Građanin
- Pridružio: 15 Sep 2010
- Poruke: 73
- Gde živiš: Pancevo
|
Pa probacu,ja nisam kliktao na azuriranje,verovatno je on sam to uradio,posto u vreme kada je poslednji update stigao,ja nisam bio kod kuce,restartovacu ga,pa cu javiti. Problem se pojavljivao oko 10 minuta posle paljenja/dizanja sistema(danas).
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 19:11
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Znam, izgleda da je lazna uzbuna, zato restartuj pa mi javi da li i dalje detektuje nesto.
|
|
|
|
|
|
|
Poslao: 06 Dec 2011 19:20
|
offline
- jhoni01
- Građanin
- Pridružio: 15 Sep 2010
- Poruke: 73
- Gde živiš: Pancevo
|
Napisano: 06 Dec 2011 19:18
Evo da kucnem u drvo,za sada nista ne detektuje.
Dopuna: 06 Dec 2011 19:20
Hvala puno!
|
|
|
|
|
|
