Trojan.wn32.autoit.za and Trojan-gamethief.win32.magania.bear


offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Are there any traces of these infections?

Logfile of HijackThis v1.99.1
Scan saved at 11:22:14, on 7.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Brksi\Desktop\brx.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [thebat_startup] C:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BUG's Birthday Buddy.lnk = C:\Program Files\BUG Software\Contact.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: WF_RemCtrl.lnk = C:\Program Files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe
O8 - Extra context menu item: Dodaj u Protiv reklama - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistika mrežnog Anti-Virusa - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
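The log above is the kind an analyst reads line by line. As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python parser for the HijackThis log format that extracts the running-process list and the O-lines and flags the two things worth a second look in a log like this one: entries marked "(file missing)" and binaries started from a user profile directory (like the brx.exe on the Desktop in the process list above). The sample log lines are constructed, modelled on entries from this thread; the heuristics are my own, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99.1 log format, modelled on the
# entry types that appear in the log above (process list, O4, O9, O20, O23).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Brksi\Desktop\brx.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Entry:
    section: str          # "O4", "O23", ...; "PROC" for a running-process line
    text: str             # the raw log line
    path: Optional[str]   # executable/DLL path pulled out of the line, if any
    flags: List[str]      # triage flags attached by the heuristics below


# A line in the "Running processes:" block is just a path to a binary.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.(exe|dll|cpl|scr)$", re.IGNORECASE)
# An O-line: section tag, " - ", then the entry body.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A Windows path (drive letter or %VAR%) ending in a binary extension,
# used to pull the file path out of an O-line body.
PATH_RE = re.compile(r'((?:[A-Za-z]:|%[^%]+%)\\[^"\n]*?\.(?:exe|dll|cpl|sys))',
                     re.IGNORECASE)
# Directories a legitimate autostart entry or service binary rarely lives in.
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\desktop\\",
                     "\\temp\\", "\\application data\\")


def parse_hijackthis(log: str) -> List[Entry]:
    """Split a HijackThis log into one Entry per running process and per O-line."""
    entries: List[Entry] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes and PROC_RE.match(line):
            entries.append(Entry("PROC", line, line, []))
            continue
        m = LINE_RE.match(line)
        if m:
            pm = PATH_RE.search(m.group(2))
            entries.append(Entry(m.group(1), line, pm.group(1) if pm else None, []))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach triage flags and return only the entries that received at least one."""
    flagged: List[Entry] = []
    for e in entries:
        if "(file missing)" in e.text.lower():
            e.flags.append("file-missing")        # dangling autostart/plugin reference
        if e.path and any(d in e.path.lower() for d in USER_PROFILE_DIRS):
            e.flags.append("user-profile-path")   # binary run from a user-writable location
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{e.section:5} {','.join(e.flags):18} {e.path}")
```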

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hi Brksi. You used an older version of HJT.

Download sUBs' ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
close any running programs;
disable your security software (instructions);
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program is available: click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices: accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage


ComboFix 09-07-06.03 - Brksi 07.07.2009 16:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2535 [GMT 2:00]
Running from: c:\documents and settings\Brksi\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-448173340-3470804536-1184880548-1000
c:\program files\The Bat!\thebat.exe
c:\windows\Installer\b04cb1.msi
c:\windows\Installer\e5afe5.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\Brksi\Application Data\Apple Computer
2009-07-06 16:18 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-06 16:18 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\program files\iPod
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\program files\iTunes
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-06 16:17 . 2009-07-06 16:17 -------- d-----w- c:\program files\Bonjour
2009-07-06 16:16 . 2009-07-06 16:18 -------- d-----w- c:\program files\Common Files\Apple
2009-07-06 13:19 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-06 13:19 . 2008-04-14 03:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-05 17:39 . 2009-07-05 17:39 -------- d-----w- c:\documents and settings\Brksi\Application Data\Ulead Systems
2009-07-05 17:32 . 2009-07-05 17:32 -------- d-----w- c:\program files\Common Files\InterVideo
2009-07-05 17:32 . 2009-07-05 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-07-05 17:32 . 2002-11-22 00:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-05 17:32 . 2002-11-22 00:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-05 17:32 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-05 17:32 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-05 17:32 . 2002-11-22 00:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-05 17:32 . 2002-11-22 00:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-05 17:30 . 2007-01-03 21:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-07-05 17:30 . 2007-01-03 21:58 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-07-05 17:29 . 2009-07-05 17:29 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-05 17:15 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\program files\QuickTime
2009-07-03 15:54 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\documents and settings\Brksi\Local Settings\Application Data\Apple
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\program files\Apple Software Update
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-03 15:53 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\Brksi\Local Settings\Application Data\Apple Computer
2009-06-27 11:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-27 11:20 . 2009-06-27 11:21 -------- d-----w- c:\program files\PDFCreator
2009-06-27 11:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-15 17:37 . 2009-06-15 17:37 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-06-14 09:14 . 2009-06-14 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-14 09:14 . 2009-06-14 09:14 -------- d-----w- c:\program files\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 14:09 . 2009-04-21 17:00 17084960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 14:09 . 2009-04-21 17:00 640544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-07 14:08 . 2009-04-21 19:34 -------- d-----w- c:\documents and settings\Brksi\Application Data\Skype
2009-07-07 14:08 . 2009-05-19 18:07 -------- d-----w- c:\program files\BUG Software
2009-07-07 14:06 . 2009-04-21 17:00 66248 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-07 14:06 . 2009-04-21 17:00 250604 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 14:05 . 2009-04-21 18:38 -------- d-----w- c:\program files\The Bat!
2009-07-07 09:13 . 2009-04-21 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-07 09:13 . 2009-04-21 18:39 -------- d-----w- c:\documents and settings\Brksi\Application Data\The Bat!
2009-07-05 17:36 . 2009-04-21 16:12 95504 ----a-w- c:\documents and settings\Brksi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 17:32 . 2009-04-21 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 17:30 . 2009-04-21 17:26 -------- d-----w- c:\program files\DivX
2009-07-05 17:23 . 2009-04-21 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-07-05 17:21 . 2009-04-21 15:41 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-05 17:17 . 2009-04-21 15:41 -------- d-----w- c:\program files\Ulead Systems
2009-07-05 17:00 . 2009-06-04 08:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 14:42 . 2009-06-01 11:50 -------- d-----w- c:\program files\Sound Forge
2009-06-23 23:32 . 2009-04-21 19:25 -------- d-----w- c:\program files\Trillian
2009-06-16 13:19 . 2009-05-24 12:58 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-14 11:47 . 2009-04-21 19:36 -------- d-----w- c:\documents and settings\Brksi\Application Data\skypePM
2009-06-14 09:38 . 2009-04-29 11:57 -------- d-----w- c:\documents and settings\Brksi\Application Data\Ahead
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 18:39 . 2009-06-04 18:38 -------- d-----w- c:\documents and settings\Brksi\Application Data\TeamViewer
2009-06-04 09:34 . 2009-06-04 09:34 1865064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-06-04 09:32 . 2009-06-04 09:32 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-04 09:32 . 2009-06-04 09:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-04 09:16 . 2009-06-04 09:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-04 09:16 . 2009-06-04 09:16 -------- d-----w- c:\program files\Lavasoft
2009-06-04 09:16 . 2009-06-03 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-04 08:59 . 2009-06-04 08:55 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-04 08:58 . 2009-06-03 17:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-04 08:55 . 2009-06-04 08:55 -------- d-----w- c:\documents and settings\Brksi\Application Data\URSoft
2009-06-03 12:44 . 2009-04-21 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 11:51 . 2009-06-01 11:51 -------- d-----w- c:\program files\Sonic Foundry MP3 Plug-In
2009-05-25 18:24 . 2009-05-25 18:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 18:24 . 2009-05-25 18:24 -------- d-----w- c:\program files\Java
2009-05-25 18:23 . 2009-05-25 18:23 152576 ----a-w- c:\documents and settings\Brksi\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 12:54 . 2009-05-24 12:54 -------- d-----w- c:\documents and settings\Brksi\Application Data\IDMComp
2009-05-24 12:54 . 2009-05-24 12:54 -------- d-----w- c:\program files\UltraEdit
2009-05-21 19:14 . 2009-04-21 17:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 19:14 . 2009-04-21 17:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 18:00 . 2009-05-19 18:00 -------- d-----w- c:\program files\Web Publish
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\6575VHZT.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\F9JHBJ3V.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\7D71VDVX.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\35BZPVL3.DAT
2009-05-13 16:09 . 2009-05-13 16:09 -------- d-----w- c:\program files\Windows Media Components
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_F358EBCB0E76F1E24C436A.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_6FEFF9B68218417F98F549.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_69AA9D68D200DD2F730D86.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_386CB149566A2A61863128.exe
2009-05-11 19:35 . 2009-05-11 19:35 -------- d-----w- c:\program files\Readon Technology
2009-05-11 19:33 . 2009-05-11 19:33 182024 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-11 19:33 . 2009-05-11 19:33 -------- d-----w- c:\program files\MSBuild
2009-05-11 19:33 . 2009-05-11 19:33 -------- d-----w- c:\program files\Reference Assemblies
2009-04-24 10:40 . 2009-04-24 10:40 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
2009-04-23 13:37 . 2009-04-23 12:30 485 ----a-w- C:\inVHDDrvLog.dat
2009-04-23 13:34 . 2009-04-23 12:27 86016 ----a-w- c:\windows\system32\Dversion.dll
2009-04-23 13:34 . 2009-04-23 12:27 110592 ----a-w- c:\windows\system32\DVC.dll
2009-04-22 21:26 . 2009-04-21 15:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-22 09:36 . 2009-04-22 09:36 61440 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{C619B312-19F3-460A-9F7B-443248379F18}\ARPPRODUCTICON.exe
2009-04-21 19:36 . 2009-04-21 19:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-21 19:14 . 2009-04-21 19:14 131072 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\NewShortcut3_AFF2F374AAE348E5BB3C78305D25D5C4.exe
2009-04-21 19:14 . 2009-04-21 19:14 131072 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\NewShortcut1_AFF2F374AAE348E5BB3C78305D25D5C4.exe
2009-04-21 19:14 . 2009-04-21 19:14 10134 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\ARPPRODUCTICON.exe
2009-04-21 18:34 . 2009-04-21 18:34 45056 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-04-21 17:43 . 2009-04-21 17:43 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-04-21 17:20 . 2007-04-28 13:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-04-21 17:20 . 2009-04-21 17:20 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-04-21 17:20 . 2009-04-21 17:20 682512 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-04-21 17:20 . 2009-04-21 17:20 194320 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2009-04-21 17:20 . 2009-04-21 17:20 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-04-21 17:20 . 2009-04-21 17:20 342544 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-04-21 16:43 . 2009-04-21 16:43 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-04-21 16:23 . 2009-04-21 16:13 100921 ----a-w- c:\windows\hpgins17.dat
2009-04-21 16:23 . 2009-04-21 16:23 128 ----a-w- c:\documents and settings\Brksi\Local Settings\Application Data\fusioncache.dat
2009-04-21 14:58 . 2009-04-21 14:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-05-25 19:17 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]

c:\documents and settings\Brksi\Start Menu\Programs\Startup\
BUG's Birthday Buddy.lnk - c:\program files\BUG Software\Contact.exe [2009-5-19 270336]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2007-7-19 1873280]
WF_RemCtrl.lnk - c:\program files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe [2009-4-21 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4.6.2009 11:17 64160]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 18:08 81688]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [21.4.2009 17:36 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [21.4.2009 17:36 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [21.4.2009 17:36 34789]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 13:58 24344]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [21.4.2009 17:41 9446]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1005904]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-thebat_startup - c:\program files\The Bat!\thebat.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brksi\Application Data\Mozilla\Firefox\Profiles\rjurc5d9.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1280)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(4296)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\program files\Trillian\events.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-07 16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 14:11

Pre-Run: 42.706.382.848 bytes free
Post-Run: 42.756.706.304 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Zip/rar the following folder, C:\Qoobox, and upload it via this link

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Posted: 07 Jul 2009 17:21

The quarantine is too big to attach. I tried restoring some files; btw, I think all the files that were deleted were legitimate.... and after typing the script

DEQUARANTINE::
C:\Qoobox\Quarantine\C\Program Files\The Bat!\hebat.exe.vi
QUIT::

CF apparently did something but didn't restore the exe; here's the new log

Update: 07 Jul 2009 17:45

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Upload this file for me: C:\Qoobox\Quarantine\C\WINDOWS\system32\mdm.exe.vir

via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

What do you suspect... what has hit me?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Brksi :: What do you suspect... what has hit me?

We can't read tea leaves; upload it. :)

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

This version of Combo is buggy... uploading now.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Let me know when you've uploaded it.
