Win32/Agent trojan again

  • Joined: 27 Nov 2007
  • Posts: 3

The Win32/Agent trojan has attached itself to my machine, picked up from some script file. How do I remove it without having to reinstall the system?
NOD registered it, but when I try to delete it, it says there is no virus to delete; as far as I noticed, it put it in quarantine. What should I do?
Please help, and bear in mind that I don't really know much about computers.
I use the ADSL FlatHome 512/64 package.
Here is the report I'm sending you:
Logfile of HijackThis v1.99.1
Scan saved at 21:54:33, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\Baksuz\Baksuz.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
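
A log like the one above is normally read by eye, but the reading rules can be scripted. The Python below is an added example, not part of the original thread and not HijackThis's own tooling. It runs the usual checks over a subset of the lines posted above (embedded so it runs offline): orphaned O2/O3/R3 hooks marked `(no file)`, O4 autorun entries that give no absolute path, the O10 broken-LSP warning, O23 services with an unknown owner, executables running from user-writable folders, and double extensions such as `Baksuz.exe.exe`. The severity labels and the adware/PUP watch list (`PUP_NAMES`) are assumptions for illustration, not an authoritative database.

```python
import re

# Subset of the HijackThis log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\User\Desktop\Baksuz\Baksuz.exe.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
"""

ENTRY = re.compile(r"^(?P<sec>R\d|O\d{1,2}) - (?P<body>.*)$")
EXE_EXT = r"(?:exe|dll|com|scr|pif|bat|cmd|sys)"
# A drive-letter path ending in one or more executable extensions ("x.exe.exe" is kept whole).
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?(?:\." + EXE_EXT + r")+", re.I)
DOUBLE_EXT = re.compile(r"\.(?:exe|com|scr|pif|bat|cmd)\.(?:exe|com|scr|pif|bat|cmd)$", re.I)
# Folders an ordinary user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")
# Assumption: illustrative watch list of names widely classified as adware/PUP in this era.
PUP_NAMES = ("sweetim",)


def _path_findings(path):
    """Checks applied to every file path, from the process list or from a log entry."""
    out = []
    if any(marker in path.lower() for marker in USER_WRITABLE):
        out.append(("high", "executable runs from a user-writable location: " + path))
    if DOUBLE_EXT.search(path):
        out.append(("high", "double extension (disguised executable): " + path))
    return out


def triage(log_text):
    """Return a list of (severity, reason, offending line) for entries worth a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m is None:
            if in_processes:  # plain path lines under "Running processes:"
                findings += [(s, r, line) for s, r in _path_findings(line)]
            continue
        in_processes = False
        sec, body = m.group("sec"), m.group("body")
        paths = WIN_PATH.findall(body)
        for p in paths:
            findings += [(s, r, line) for s, r in _path_findings(p)]
        if sec in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append(("low", "orphaned browser hook, target DLL is gone: safe to remove the registration", line))
        if sec == "O4" and not paths and "%" not in body:
            findings.append(("medium", "autorun entry gives no absolute path; which file runs depends on the PATH search order", line))
        if sec == "O10":
            findings.append(("medium", "Winsock LSP chain references a missing DLL; repair the chain with an LSP tool, deleting it by hand breaks networking", line))
        if sec == "O23" and "Unknown owner" in body:
            findings.append(("low", "service binary carries no vendor information; verify its signature or hash", line))
        if any(name in body.lower() for name in PUP_NAMES):
            findings.append(("medium", "component on the adware/PUP watch list", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run as-is it prints the findings for the embedded sample; for a real log, pass the file contents to `triage()`. None of the hits on the posted log is evidence of an active infection by itself: the `(no file)` BHO and the O10 entry are leftovers of uninstalled software, which is why such a log can still be read as clean, while the `Baksuz.exe.exe` process is the one line a reviewer would actually ask the poster about.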



  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That trojan has nowhere to escape to from quarantine and poses no threat while it is there. The log you posted does not show that your system is infected.

btw. Titles containing the words HELP or URGENT are not exactly welcome. You will always get help here if someone knows the answer and is in a position to give it, and it is urgent for all of us whenever we have a problem. Next time, name the topic after (e.g.) the detected malware.. ;)

Regards



  • Joined: 27 Nov 2007
  • Posts: 3

Ok, I'm very sorry, noted. Thanks, but....
..I deleted it from quarantine, have I messed things up now?

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Nope. Quite the opposite, you did the right thing :)

  • Joined: 27 Nov 2007
  • Posts: 3

Well, even I sometimes "hit" the right thing :)

Now then... Tonight another "novelty"
I tried to copy something from a USB stick, and NOD reported another virus; the message in the Threat Log says--
28.11.2007 20:39:46 AMON file G:\Autorun.inf INF/Autorun virus Error quarantining the object - - deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
When I scan with NOD it finds nothing, but in some AMON file system monitor it says Infected 8, cleaned 1, which somehow doesn't sound good to me...

What now?!

Update: 29 Nov 2007 11:06

Forgot about me? :'(
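
The AMON entry above is NOD32 blocking `G:\Autorun.inf` at the moment Windows read it when the stick was plugged in (the access comes from `svchost.exe`, which on XP hosts the shell hardware detection service that drives AutoPlay). What makes such a file dangerous is a small set of keys that launch a program as soon as the drive is opened. The Python below is an added example, not part of the original thread or of ESET's software: a tolerant `autorun.inf` parser plus an `assess()` function that lists every key that would execute code, flags targets parked in `RECYCLER`-style hidden folders, and flags the `action=Open folder to view files` trick that makes the AutoPlay dialog look like Explorer's own entry. Both sample files are constructed for the example; the `RECYCLER\S-1-5-21` path, the file names and the heuristics are assumptions, not identifiers taken from the page.

```python
# Constructed sample: the layout typical of USB-spreading worms of the era (names and paths invented).
# Windows' INI parser ignores lines it does not understand, so worms pad the file with junk;
# a detector must not choke on that, nor on mixed-case section names.
SUSPICIOUS_INF = r"""
[AuToRuN]
; junk line that a detector must skip
open=RECYCLER\S-1-5-21\update.exe
shellexecute=RECYCLER\S-1-5-21\update.exe
shell\open\command=RECYCLER\S-1-5-21\update.exe
shell=open
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# Constructed sample: what a harmless autorun.inf on a photo stick looks like.
BENIGN_INF = r"""
[autorun]
icon=photos.ico
label=Holiday photos
"""

LAUNCH_KEYS = ("open", "shellexecute")
# Assumption: heuristic list of folders worms hide in because Explorer hides them by default.
HIDDEN_DIRS = ("recycler", "recycled", "system volume information")


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, tolerating junk lines and mixed case."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip().lower(), value.strip()))
    return entries


def _is_launch_key(key):
    # open= and shellexecute= run a program directly; shell\<verb>\command= defines a
    # context-menu verb that also runs a program (shell=<verb> makes it the default action).
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))


def assess(text):
    """Summarise what an autorun.inf would do if AutoRun is enabled for the drive."""
    entries = parse_autorun(text)
    launches = [(k, v) for k, v in entries if _is_launch_key(k)]
    hidden = [v for _, v in launches if any(d in v.lower() for d in HIDDEN_DIRS)]
    action = next((v for k, v in entries if k == "action"), "")
    masquerade = "open folder" in action.lower()
    return {
        "launches": launches,                 # keys that execute code, with their targets
        "hidden_targets": hidden,             # launch targets inside normally hidden folders
        "masquerades_as_explorer": masquerade,
        "verdict": "launches code" if launches else "cosmetic only",
    }


if __name__ == "__main__":
    for name, inf in (("suspicious", SUSPICIOUS_INF), ("benign", BENIGN_INF)):
        print(name, assess(inf))
```

The host-side counterpart on XP is whether AutoRun is allowed for removable drives at all: the documented policy value `NoDriveTypeAutoRun` (REG_DWORD) under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`, set to `0xFF`, disables AutoRun for every drive type, so an `autorun.inf` on a stick is then never honoured even if the antivirus misses it.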

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Haa.. what now? :P btw. We haven't forgotten.. :]
You have to take some initiative yourself too. Get to know the security software you use.

Here, I found you a thread precisely about "some AMON file system monitor" ;)
[Link visible only to logged-in users]
It also covers the other components, settings, detection and errors in general.. Read it and a lot of things will become clearer.

If you have any more questions about antivirus, post them here.

Regards
