Author Topic: trojan,rootkit  (Read 10381 times)


sépadubidon

  • Guest
trojan,rootkit
« on: March 10, 2014, 04:08:46 PM »
Hello

I still suspect a virus/rootkit.

I have run aswMBR several times, and it terminates with an APPCRASH.

I need some help, can you do something about this?

Thank you

peter

Nom du journal :Application
Source :       Windows Error Reporting
Date :         10/03/2014 14:20:53
ID de l’événement :1001
Catégorie de la tâche :Aucun
Niveau :       Information
Mots clés :    Classique
Utilisateur :  N/A
Ordinateur :   azerty
Description :
Récipient d’erreurs , type 0
Nom d’événement : APPCRASH
Réponse : Non disponible
ID de CAB : 0

Signature du problème :
P1 : aswMBR(2).exe
P2 : 0.9.9.1771
P3 : 5147644e
P4 : ntdll.dll
P5 : 6.1.7601.18247
P6 : 521ea8e7
P7 : c0000005
P8 : 0002e3be
P9 :
P10 :

Fichiers joints :

Ces fichiers sont peut-être disponibles ici :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_aswMBR(2).exe_432beacaf3fbf7bc35fdc7cd12e1ff5a7869890_19e21bba

Symbole d’analyse :
Nouvelle recherche de la solution : 0
ID de rapport : 37fb5ca5-a854-11e3-a973-c213b54a2eee
Statut du rapport : 0
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-03-10T13:20:53.000000000Z" />
    <EventRecordID>45377</EventRecordID>
    <Channel>Application</Channel>
    <Computer>azerty</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>APPCRASH</Data>
    <Data>Non disponible</Data>
    <Data>0</Data>
    <Data>aswMBR(2).exe</Data>
    <Data>0.9.9.1771</Data>
    <Data>5147644e</Data>
    <Data>ntdll.dll</Data>
    <Data>6.1.7601.18247</Data>
    <Data>521ea8e7</Data>
    <Data>c0000005</Data>
    <Data>0002e3be</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_aswMBR(2).exe_432beacaf3fbf7bc35fdc7cd12e1ff5a7869890_19e21bba</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>37fb5ca5-a854-11e3-a973-c213b54a2eee</Data>
    <Data>0</Data>
  </EventData>
</Event>
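For readers triaging a report like the one above, here is an added example (not part of the original post and not Avast's tooling) that decodes the P1 to P8 fields of a WER APPCRASH event. The `SAMPLE` string is a trimmed copy of the posted XML, the function name `parse_appcrash` is hypothetical, and the positional layout of the `<Data>` elements is assumed from this event.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: trimmed copy of the event XML posted above.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID Qualifiers="0">1001</EventID></System>
  <EventData>
    <Data></Data><Data>0</Data><Data>APPCRASH</Data>
    <Data>Non disponible</Data><Data>0</Data>
    <Data>aswMBR(2).exe</Data><Data>0.9.9.1771</Data><Data>5147644e</Data>
    <Data>ntdll.dll</Data><Data>6.1.7601.18247</Data><Data>521ea8e7</Data>
    <Data>c0000005</Data><Data>0002e3be</Data>
  </EventData>
</Event>"""

# A few well-known NTSTATUS exception codes seen in crash reports.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def hex_time(value):
    """P3/P6 are hexadecimal Unix timestamps (module build stamps)."""
    return datetime.fromtimestamp(int(value, 16), tz=timezone.utc)

def parse_appcrash(event_xml):
    root = ET.fromstring(event_xml)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    data = [(d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)]
    # Assumed layout: Data[2] is the event name, Data[5:] holds P1..P10.
    if event_id != "1001" or len(data) < 13 or data[2] != "APPCRASH":
        raise ValueError("not a WER APPCRASH event")
    p1, p2, p3, p4, p5, p6, p7, p8 = data[5:13]
    code = int(p7, 16)
    return {
        "app": p1, "app_version": p2, "app_built": hex_time(p3),
        "module": p4, "module_version": p5, "module_built": hex_time(p6),
        "exception_code": code,
        "exception_name": NTSTATUS.get(code, "unknown"),
        "fault_offset": int(p8, 16),
    }

if __name__ == "__main__":
    for key, value in parse_appcrash(SAMPLE).items():
        print(f"{key}: {value}")
```

For this event the decoded exception is an access violation raised inside `ntdll.dll`, which describes where the scanner crashed and is not by itself evidence of a rootkit.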




Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: trojan,rootkit
« Reply #1 on: March 10, 2014, 04:17:01 PM »
Hello,
We'll run system diagnostics with these two powerful tools. That will allow us to quickly ascertain whether or not malware may be running on your machine.



=> Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
---    ---    ---    ---    ---    ---


=> Please download GMER, the RootKit Detector tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click [ Scan ] button and wait until the full scan is complete;
  • Click [ Save ... ] - save the report to the Desktop (named ARK);

  • Then click the >>> button and select Autostart card;
  • Click [ Scan ] button;
  • After quick scan, click Copy button;
  • Open notepad and Paste text. Save report to the Desktop (named autostart)
> Attach here both GMER log reports. (ARK.txt and autostart.txt)

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #2 on: March 10, 2014, 10:00:20 PM »
OK, so the different logs are greater than 512k in size,

I have compressed the files but I cannot send them [rar file!]
I tried to send the pasted selection in two parts... not possible! [greater than 10000 chars]

How can I do it?

sorry

peter

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: trojan,rootkit
« Reply #3 on: March 10, 2014, 10:09:49 PM »
Post logs in separate reply if they are small enough...... if not, upload to fileshare site and post download link


sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #4 on: March 10, 2014, 10:39:38 PM »

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #5 on: March 10, 2014, 10:41:11 PM »
addition.txt

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #6 on: March 10, 2014, 10:42:43 PM »
and last autostart.txt

peter

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: trojan,rootkit
« Reply #7 on: March 10, 2014, 10:47:05 PM »
Hello.

Deleted. I don't see the link.
« Last Edit: March 10, 2014, 10:49:30 PM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #8 on: March 10, 2014, 11:18:53 PM »
Hello Michael,
I just clicked on the link and downloaded the file again,
it works...

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #9 on: March 10, 2014, 11:29:51 PM »
On the site http://wikisend.com/
for the past 15 minutes I have been receiving the message:
"We are sorry, but an error has occured while Uploading."

problem on the server...wait...

peter

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: trojan,rootkit
« Reply #10 on: March 11, 2014, 01:23:16 AM »
Hello,

I can access the file ARK.txt. That's not a problem.

Or do you mean another file? If so, what is the file name? Try uploading it to Google Drive.

I'm sorry for not having the accents, I don't have a French keyboard :(

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #11 on: March 11, 2014, 08:08:43 AM »
I accidentally activated the US keyboard... sorry,
I'm resending the logs

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #12 on: March 11, 2014, 08:09:43 AM »
addition.txt

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #13 on: March 11, 2014, 08:10:16 AM »
autostart.txt

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #14 on: March 11, 2014, 08:11:43 AM »