• Naslovna
• FAQ
• Pravilnik
• O ES-u
• Tim
• Korisnici
• Statistike

 

• elitesecurity ::
• elitemadzone ::
• EMAIL ::
• RSS ::
• ES Mobile

  Niste ulogovani?  Username :   Password:   

• Registracija
• Zaboravili ste password?
• Flashback ▲▼
• Login problem?

 

Pretraga:

 

Srodne teme 02.03.2006. Zvucnici 5.1 veliki problem!! 05.06.2007. Problem u Internet Explorer-u! 20.08.2005. Allpic i eeprom(problem) 11.10.2005. Problem sa zvukom LG 6245 03.05.2006. suse 10 i problem sa usbdisk-om 18.09.2006. problem sa decimalnim brojevima 26.06.2007. Microsoft Vista problem boot!!!! 19.12.2007. Hotmail, Problem. 03.04.2008. smf 1.1.4 i IE login problem 24.10.2008. Telekom ADSL problem Navigacija Brisanje liste Aktuelne teme u ovom forumu: Uloga korisnika u zaštiti operativnog.. Pojavljuje se prozor za translate kada.. rootkit, kako ga se rešiti? zashtita programa !!!! Fceabook problem sa autentifikacijom l.. Cerber3 ransomware Nepoznati Intermediate Certificate Kako da resim ovaj problem Kako da deinstaliram windows defender .. Oonn virus pomoc api backend Eset Maliciozni softver otvara neželjene s.. Ransomware, ncov ekstenzija fajla [FREE] Komercijalan software za zašti.. Ransomware kao oblik malicioznog softv.. Izaberite forum: Linux Linux aplikacije Linux desktop okruženja Linux hardware Windows desktop Windows aplikacije Zaštita Office Windows drajveri Office :: Word Office :: Excel Macintosh Mac hardware Mac software Iphone Enterprise Networking SOHO Networking Wireless Windows mreže Linux mreže Wireless :: WiMax Wireless :: Mikrotik Wireless :: Wireless oprema Linux/UNIX serveri i servisi Unix BSD Skript jezici Security Virtualizacija Cloud Computing Services Security :: Kriptografija i enkripcija .NET 3D programiranje Art of Programming Asembler C/C++ programiranje Kernel i OS programiranje Pascal / Delphi / Kylix Java Embedded sistemi Perl PHP Python Visual Basic 6 Veštačka inteligencija Security Coding XML GameDev - Razvoj Igara Ostali programski jezici PHP :: PHP za početnike PHP :: Smarty template engine .NET :: .NET Desktop razvoj .NET :: ASP.NET .NET :: WPF Programiranje C/C++ programiranje :: C/C++ za početnike Baze podataka MySQL Oracle Access MS SQL Firebird/Interbase PostgreSQL Fiksna telefonija VoIP Udruženje korisnika teleko.. GSM - telefoni GSM - upotreba GSM - servisiranje Mreže i novosti Smartphone Mreže i novosti :: Mobilni internet Mreže i novosti :: Telenor - korisnički servis Mreže i novosti :: VIP - korisnički servis Mreže i novosti :: MTS - korisnički servis Smartphone :: Symbian OS Smartphone :: Windows Mobile Smartphone :: Android GSM - telefoni :: Nokia PDA Uređaji GPS Portable Players Anonimnost i privatnost ISP Browseri E-mail Instant Messaging FTP Google Hosting ISP :: Wireless mreže i ISP ISP :: ADSL E-mail :: Anti-spam Instant Messaging :: IRC Hosting :: Domeni Google :: Gmail E-Marketing Web aplikacije Web dizajn i CSS Web dizajn softver Web razvoj Pretraživači i SEO Flash Javascript i AJAX Web dizajn i CSS :: Kritike Grafički dizajn Izdavaštvo 3D modelovanje Rasterska grafika Vektorska grafika 3D modelovanje :: CAD/CAM Matične ploče, procesori .. Video karte i monitori Storage Ostali hardver Overclocking & Modding PC Konfiguracije Laptopovi Vodič za kupovinu - PC har.. Tablet PC Muzička produkcija Audio kompresija Audio softver Video produkcija Video kompresija Video softver Multimedijalni uređaji Digitalni fotoaparati Digitalne kamere Home Theater Digitalni fotoaparati :: Fotografija Digitalni fotoaparati :: Vodič za kupovinu - Digita.. Elektronika Elektrotehnika Elektronika :: TV uređaji Elektronika :: Radio elektronika i tehnika Elektronika :: Mikrokontroleri Elektronika :: Audio-elektronika Auto-elektronika :: Tuning Vodič za učenje Vodič za posao Vodič za emigraciju Fizika Matematika Nauka Sertifikati Informatika Vodič za učenje :: Seminarski radovi Vodič za učenje :: Obrazovne institucije Vodič za emigraciju :: Život u USA Vodič za emigraciju :: Život u Norveškoj Vodič za emigraciju :: Život u Nemačkoj E-Poslovanje E-Kupovina IT pravo i politika razvoja IT događaji IT berza poslova IS i ERP Ekonomija Berza Cryptocoins IT berza poslova :: Arhiva IT berze poslova IT pravo i politika razvoja :: Registar Nacionalnog ID E-Poslovanje :: E-Transakcije E-Poslovanje :: Forex E-Kupovina :: Platne kartice Digitalna Televizija Advocacy Ankete Predlozi i pitanja Vesti Čekaonica Vesti :: ES leto manifestacija MadZone TechZone Poljoprivreda AutoZone MotoZone Svakodnevnica Video igre MadZone :: Zanimljivi linkovi MadZone :: Kultura TechZone :: Ergonomija TechZone :: Grejanje TechZone :: Klimatizacija TechZone :: Bela tehnika AutoZone :: Fiat Panda club Lista poslednjih: 16, 32, 64, 128 poruka.

youmademyday Član broj: 230772 Poruke: 2 *.tel.net.ba. Profil Problem s rootkitom 30.08.2009. u 12:27 - pre 190 meseci Pozdrav, imam problem sa rootkitom koji je detektirala AVIRA Antivir koja je instalirana na mom kompjuteru. Nakon dolje navedenih scanova sada mi komp normalno radi. Jedina stvar je sto Mozilla Firefox (ver.3.5.) nece da se podigne cak ni u njegovom Safe Mode-u. Nisam siguran je li to jos ima veze sa rootkitom. Mene zanima jesam li se sada zaista rijesio rootkita i zasto ne mogu pokrenuti firefox, odnosno sta da ucinim da bih ga ponovno pokrenuo. Zahvaljujem se na svakoj pomoci. Evo sto sam sve radio: Prvo sto sam uradio je scan sa Malwarebytes' Antimalware. Evo loga: Malwarebytes' Anti-Malware 1.40 Database version: 2701 Windows 5.1.2600 Service Pack 3 30.8.2009 0:42:57 mbam-log-2009-08-30 (00-42-52).txt Scan type: Full Scan (C:\|) Objects scanned: 196198 Time elapsed: 52 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 11 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mset (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mset (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\msvtx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\Temp\_ex-68.exe (Rogue.SystemSecurity) -> No action taken. C:\Documents and Settings\user\Application Data\wiaserva.log (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\msvdx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\system32\msvkx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\system32\msvpx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken. Nakon toga sam resetovao kompjuter i uradio scan sa rootkim revealerom. Evo i loga za njega: HKLM\SECURITY\Policy\Secrets\SAC* 14.3.2008 10:34 0 bytes Key name contains embedded nulls (*) HKLM\SECURITY\Policy\Secrets\SAI* 14.3.2008 10:34 0 bytes Key name contains embedded nulls (*) HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 15.8.2008 12:14 0 bytes Access is denied. C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 30.8.2009 0:45 64.00 KB Visible in Windows API, but not in MFT or directory index. Onda sam instalirao HiJackThis. Evo i njegov log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:34, on 30.8.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{841BE294-9144-43A4-8B44-8F95F84C9E75}: NameServer = 212.39.98.162,212.39.98.161 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: GP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\user\LOCALS~1\Temp\GP.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KT - Sysinternals - www.sysinternals.com - C:\DOCUME~1\user\LOCALS~1\Temp\KT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6623 bytes Za kraj sam uradio scan sa GMER. Evo i njegov log: GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net Rootkit scan 2009-08-30 12:39:03 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT splf.sys ZwCreateKey [0xF84570E0] SSDT splf.sys ZwEnumerateKey [0xF8475CA2] SSDT splf.sys ZwEnumerateValueKey [0xF8476030] SSDT splf.sys ZwOpenKey [0xF84570C0] SSDT splf.sys ZwQueryKey [0xF8476108] SSDT splf.sys ZwQueryValueKey [0xF8475F88] SSDT splf.sys ZwSetValueKey [0xF847619A] INT 0x62 ? 82BDCBF8 INT 0x74 ? 82098BF8 INT 0x82 ? 82BDCBF8 INT 0x83 ? 82B6EBF8 INT 0x84 ? 82098BF8 INT 0xA4 ? 82098BF8 INT 0xB4 ? 82098BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? splf.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload EF3068AC 5 Bytes JMP 820981D8 .text akftn21w.SYS EF0DA386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text akftn21w.SYS EF0DA3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text akftn21w.SYS EF0DA3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text akftn21w.SYS EF0DA3C9 1 Byte [2E] .text akftn21w.SYS EF0DA3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B6E2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8488C4C] splf.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8488CA0] splf.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8458040] splf.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F845813C] splf.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84580BE] splf.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84587FC] splf.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84586D2] splf.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8468048] splf.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 820982D8 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!swprintf] C1815753 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeSetEvent] 00002590 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeCancelTimer] 43881855 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!sprintf] 7E8D503F IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ZwClose] E0835200 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoStartTimer] 06468A00 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ZwCreateKey] 52500000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeSetTimer] E85350F8 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!_allmul] FFFFF848 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!_except_handler3] BE7875C0 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!PoSetPowerState] 00000008 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!_aulldiv] 838D0000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!strstr] 00001A8C IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!_strupr] E850006A IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!KeTickCount] 808B8D00 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!memmove] 83FFFF68 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\akftn21w.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 82B6A1F8 AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbohci \Device\USBPDO-0 81F5A500 Device \Driver\PCI_PNP1852 \Device\00000044 splf.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 82B6C1F8 Device \Driver\dmio \Device\DmControl\DmConfig 82B6C1F8 Device \Driver\dmio \Device\DmControl\DmPnP 82B6C1F8 Device \Driver\dmio \Device\DmControl\DmInfo 82B6C1F8 Device \Driver\usbohci \Device\USBPDO-1 81F5A500 Device \Driver\usbohci \Device\USBPDO-2 81F5A500 Device \Driver\usbehci \Device\USBPDO-3 820AD500 AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Ftdisk \Device\HarddiskVolume1 82BDD1F8 Device \Driver\Cdrom \Device\CdRom0 820BB1F8 Device \Driver\Cdrom \Device\CdRom1 820BB1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{841BE294-9144-43A4-8B44-8F95F84C9E75} 82020500 Device \Driver\NetBT \Device\NetBt_Wins_Export 82020500 Device \Driver\NetBT \Device\NetbiosSmb 82020500 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbohci \Device\USBFDO-0 81F5A500 Device \Driver\usbohci \Device\USBFDO-1 81F5A500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81F0F500 Device \Driver\usbohci \Device\USBFDO-2 81F5A500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 81F0F500 Device \Driver\usbehci \Device\USBFDO-3 820AD500 Device \Driver\Ftdisk \Device\FtControl 82BDD1F8 Device \Driver\sptd \Device\2453301852 splf.sys Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 82B6B1F8 Device \Driver\SiSRaid \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 82B6B1F8 Device \Driver\akftn21w \Device\Scsi\akftn21w1Port3Path0Target0Lun0 81F28500 Device \Driver\akftn21w \Device\Scsi\akftn21w1 81F28500 Device \FileSystem\Cdfs \Cdfs 81FBE368 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0x83 0x07 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x17 0xBE 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x16 0x64 0x01 0xFB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0x83 0x07 0xBD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x17 0xBE 0x9D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x16 0x64 0x01 0xFB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0x83 0x07 0xBD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x17 0xBE 0x9D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x16 0x64 0x01 0xFB ... ---- EOF - GMER 1.0.15 ---- Odgovor na temu

magna86 Anti Malware Fighter Član broj: 189287 Poruke: 557 Sajt: www.mycity.rs/Ambulanta +16 Profil Re: Problem s rootkitom 31.08.2009. u 08:15 - pre 190 meseci Ponovo pokreni Gmer,sacekaj da se zavrsi uvodno skeniranje (ako se pojavi nekakva poruka idi na No) idi na Scan i sacekaj da skeniranje bude zavrseno...klikni Save ...sacuvaj to kao GmerLog1 Klikni desnim tasterom na prozor programa Gmer i odaberi Options >> Only non MS files i klikni Scan ..napravice se novi log...taj log sacuvaj kao GmerLog2 Klikni taster >>> i izaberi Autostart karticu. po zavrsetku skeniranja izaberi Copy,otvori novi notepad,izaberi Paste i taj log sacuvaj kao GmerLog3. Skini na Desktop i ovaj Program,DDS http://download.bleepingcomputer.com/sUBs/dds.scr Pokreni ga i odradi skeniranje...napravice se log ( tj dva loga ,nama treba samo DDS.txt log) ...i te logove zajedno sa ova tri Gmer loga prikaci uz poruku http://www.itfix.biz/images/Malware.JPG Odgovor na temu

valjan Janko Valencik Software Deployer Schneider Electric Novi Sad Moderator Član broj: 158605 Poruke: 3531 *.adsl.eunet.rs. +553 Profil Re: Problem s rootkitom 31.08.2009. u 08:18 - pre 190 meseci Cekaj malo: Citat: Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mset (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mset (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken. i Citat: Files Infected: C:\WINDOWS\system32\msvtx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\Temp\_ex-68.exe (Rogue.SystemSecurity) -> No action taken. C:\Documents and Settings\user\Application Data\wiaserva.log (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\msvdx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\system32\msvkx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\WINDOWS\system32\msvpx86.aqmgu (Rootkit.Agent.C) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\user\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken. Pa sto je sve ovo "No actions taken"? Da li si proverio da li su svi pronadjeni fajlovi stiklirani i ako nisu da li si ih stiklirao, i pritisnuo Remove Selected i potvrdio sa OK? Odgovor na temu

magna86 Anti Malware Fighter Član broj: 189287 Poruke: 557 Sajt: www.mycity.rs/Ambulanta +16 Profil Re: Problem s rootkitom 31.08.2009. u 08:21 - pre 190 meseci pa ocigledno nije....mogao bi prvo to da odradis (pa onda ako ima potrebe sve ono gore ) ja ludak... mbam log bukvalno preskocio http://www.itfix.biz/images/Malware.JPG Odgovor na temu