Win32:Trojan-gen {Other}

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3747
  • Location: 127.0.0.1

I finally managed to scan with ComboFix. In the meantime avast went off twice; both files were safely placed in avast's virus chest.

Quote: ComboFix 08-08-28.06 - Administrator 2008-08-30 16:12:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\DaTeVidimSad\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM83a4db9f.txt
C:\WINDOWS\BM83a4db9f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\frtylhgf.dll
C:\WINDOWS\system32\henrpeef.exe
C:\WINDOWS\system32\lgmnferx.dll
C:\WINDOWS\system32\mpVEeMoq.ini
C:\WINDOWS\system32\mpVEeMoq.ini2
C:\WINDOWS\system32\npdqwlsb.ini
C:\WINDOWS\system32\voaclpwm.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-30 00:59 . 2008-08-30 00:59 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-08-29 22:01 . 2008-08-29 22:30 <DIR> d-------- C:\VundoFix Backups
2008-08-29 00:21 . 2008-08-29 00:21 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-27 23:07 . 2008-08-27 23:07 <DIR> d-------- C:\Program Files\ESET
2008-08-27 21:04 . 2008-08-27 21:33 <DIR> d-------- C:\Downloads
2008-08-27 21:03 . 2008-08-27 21:55 <DIR> d-------- C:\Program Files\BitComet
2008-08-27 20:17 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-08-27 20:16 . 2008-08-27 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-27 20:13 . 2008-08-27 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-22 19:15 . 2008-08-22 19:16 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting
2008-08-10 19:17 . 2008-08-10 19:17 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-08-03 21:51 . 2008-08-03 21:51 <DIR> d-------- C:\Program Files\Fun Web Products
2008-07-26 00:00 . 2008-07-26 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-07-24 00:49 . 2008-07-24 00:49 <DIR> d-------- C:\Program Files\Easy Thumbnails
2008-07-24 00:49 . 2008-07-24 00:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
2008-07-23 19:41 . 2008-07-23 19:41 <DIR> d-------- C:\WINDOWS\Sun
2008-07-23 19:25 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-23 19:25 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-23 19:25 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-23 19:25 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-18 21:38 . 2008-07-18 21:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-18 15:43 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-18 15:43 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-18 15:29 . 2008-07-25 03:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-18 14:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-18 14:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-18 14:47 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-16 01:53 . 2008-07-28 19:14 67 --a------ C:\Program
2008-07-16 01:40 . <DIR> C:\Program Files\Professional crI_t v.3 Light Blue
2008-07-15 02:21 . 2008-08-12 01:20 <DIR> d-------- C:\Program Files\PokerStars
2008-07-09 20:57 . 2008-08-29 10:19 25 --a------ C:\WINDOWS\popcinfo.dat
2008-07-09 14:07 . 2008-08-22 21:56 921,632 --a------ C:\PA7302.DAT
2008-07-09 13:52 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-09 13:39 . 2008-07-09 13:39 <DIR> d-------- C:\WINDOWS\PixArt
2008-07-09 13:39 . 2008-07-09 13:39 <DIR> d-------- C:\Program Files\Common Files\PAC7302
2008-07-09 13:39 . 2006-11-03 10:59 48,128 --a------ C:\WINDOWS\system32\Remove.exe
2008-07-09 13:39 . 2007-05-08 10:11 291 --a------ C:\WINDOWS\system32\Remover.ini
2008-07-09 13:38 . 2008-07-09 13:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-09 13:36 . 2005-04-03 20:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-07-09 13:35 . 2008-08-04 18:24 <DIR> d-------- C:\WINDOWS\Album
2008-07-09 13:35 . 2008-07-09 13:35 <DIR> d-------- C:\Program Files\KYE
2008-07-09 13:01 . 2008-07-09 13:01 1,160 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 19:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-29 16:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-28 21:28 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Light Blue
2008-07-28 14:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 12:51 --------- d-----w C:\Program Files\Java
2008-07-12 12:53 --------- d-----w C:\Program Files\Mv2Player
2008-07-09 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 21:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-30 15:38 --------- d-----w C:\Program Files\DIFX
2008-06-30 15:35 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-30 15:35 --------- d-----w C:\Program Files\Realtek
2008-06-30 15:33 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-30 15:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-30 15:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-30 15:27 --------- d-----w C:\Program Files\Corel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-05 23:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-01-19 00:39 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-03-11 00:40 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 00:35 7634944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 00:35 86016]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" [2006-11-03 11:01 319488]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"nwiz"="nwiz.exe" [2006-10-31 00:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 08:20 16844800 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 07:22 1826816 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10444:TCP"= 10444:TCP:BitComet 10444 TCP
"10444:UDP"= 10444:UDP:BitComet 10444 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 PAC7302;Eye 312;C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-04-30 13:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A833C46A-D90A-4669-89A1-B6FD5119B571} - C:\WINDOWS\system32\qoMeEVpm.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-8097e803 - C:\WINDOWS\system32\gjvmdawm.dll
HKLM-Run-BM83a4db9f - C:\WINDOWS\system32\frtylhgf.dll
HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3sw429z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://home.alot.com/?src_id=11094&client_id=a812084ea8429ed8685ba238&camp_id=5&install_time=2008-07-30T10:57:18Z&tb_version=1.2.3
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 16:15:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-30 16:16:53 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-08-30 14:16:50

Pre-Run: 46,991,253,504 bytes free
Post-Run: 47,809,601,536 bytes free

176 --- E O F --- 2008-07-25 18:44:23

  • helen1, Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

The log is clean. No signs of malware.

Click START and then RUN
In the text entry box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


Cheers

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3747
  • Location: 127.0.0.1

A huuuuge THANK YOU :) The PC no longer shows any symptoms of infection, and a scan with Avast after these interventions also found the source of the infection and successfully cleaned it.

It also found a couple of items in System Restore, which I deleted completely without a guilty conscience.
