Trojan.wn32.autoit.za i Trojan-gamethief.win32.magania.bear


Brksi
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Are there any traces of these infections?

Logfile of HijackThis v1.99.1
Scan saved at 11:22:14, on 7.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Brksi\Desktop\brx.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [thebat_startup] C:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BUG's Birthday Buddy.lnk = C:\Program Files\BUG Software\Contact.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: WF_RemCtrl.lnk = C:\Program Files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe
O8 - Extra context menu item: Dodaj u Protiv reklama - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistika mrežnog Anti-Virusa - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello Brksi. You used an older version of HJT.

Download sUBs' ComboFix to your Desktop from one of the following addresses:

Bleeping Computer . . . . . Geeks to Go!
  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
  • close any running programs;
  • disable your security software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click on the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

Brksi:

ComboFix 09-07-06.03 - Brksi 07.07.2009 16:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2535 [GMT 2:00]
Running from: c:\documents and settings\Brksi\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-448173340-3470804536-1184880548-1000
c:\program files\The Bat!\thebat.exe
c:\windows\Installer\b04cb1.msi
c:\windows\Installer\e5afe5.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\Brksi\Application Data\Apple Computer
2009-07-06 16:18 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-06 16:18 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\program files\iPod
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\program files\iTunes
2009-07-06 16:18 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-06 16:17 . 2009-07-06 16:17 -------- d-----w- c:\program files\Bonjour
2009-07-06 16:16 . 2009-07-06 16:18 -------- d-----w- c:\program files\Common Files\Apple
2009-07-06 13:19 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-06 13:19 . 2008-04-14 03:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-05 17:39 . 2009-07-05 17:39 -------- d-----w- c:\documents and settings\Brksi\Application Data\Ulead Systems
2009-07-05 17:32 . 2009-07-05 17:32 -------- d-----w- c:\program files\Common Files\InterVideo
2009-07-05 17:32 . 2009-07-05 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-07-05 17:32 . 2002-11-22 00:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-05 17:32 . 2002-11-22 00:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-05 17:32 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-05 17:32 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-05 17:32 . 2002-11-22 00:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-05 17:32 . 2002-11-22 00:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-05 17:30 . 2007-01-03 21:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-07-05 17:30 . 2007-01-03 21:58 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-07-05 17:29 . 2009-07-05 17:29 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-05 17:15 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\program files\QuickTime
2009-07-03 15:54 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\documents and settings\Brksi\Local Settings\Application Data\Apple
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\program files\Apple Software Update
2009-07-03 15:54 . 2009-07-03 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-03 15:53 . 2009-07-06 16:18 -------- d-----w- c:\documents and settings\Brksi\Local Settings\Application Data\Apple Computer
2009-06-27 11:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-27 11:20 . 2009-06-27 11:21 -------- d-----w- c:\program files\PDFCreator
2009-06-27 11:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-15 17:37 . 2009-06-15 17:37 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-06-14 09:14 . 2009-06-14 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-14 09:14 . 2009-06-14 09:14 -------- d-----w- c:\program files\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 14:09 . 2009-04-21 17:00 17084960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 14:09 . 2009-04-21 17:00 640544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-07 14:08 . 2009-04-21 19:34 -------- d-----w- c:\documents and settings\Brksi\Application Data\Skype
2009-07-07 14:08 . 2009-05-19 18:07 -------- d-----w- c:\program files\BUG Software
2009-07-07 14:06 . 2009-04-21 17:00 66248 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-07 14:06 . 2009-04-21 17:00 250604 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 14:05 . 2009-04-21 18:38 -------- d-----w- c:\program files\The Bat!
2009-07-07 09:13 . 2009-04-21 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-07 09:13 . 2009-04-21 18:39 -------- d-----w- c:\documents and settings\Brksi\Application Data\The Bat!
2009-07-05 17:36 . 2009-04-21 16:12 95504 ----a-w- c:\documents and settings\Brksi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 17:32 . 2009-04-21 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 17:30 . 2009-04-21 17:26 -------- d-----w- c:\program files\DivX
2009-07-05 17:23 . 2009-04-21 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-07-05 17:21 . 2009-04-21 15:41 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-05 17:17 . 2009-04-21 15:41 -------- d-----w- c:\program files\Ulead Systems
2009-07-05 17:00 . 2009-06-04 08:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 14:42 . 2009-06-01 11:50 -------- d-----w- c:\program files\Sound Forge
2009-06-23 23:32 . 2009-04-21 19:25 -------- d-----w- c:\program files\Trillian
2009-06-16 13:19 . 2009-05-24 12:58 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-14 11:47 . 2009-04-21 19:36 -------- d-----w- c:\documents and settings\Brksi\Application Data\skypePM
2009-06-14 09:38 . 2009-04-29 11:57 -------- d-----w- c:\documents and settings\Brksi\Application Data\Ahead
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 18:39 . 2009-06-04 18:38 -------- d-----w- c:\documents and settings\Brksi\Application Data\TeamViewer
2009-06-04 09:34 . 2009-06-04 09:34 1865064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-06-04 09:32 . 2009-06-04 09:32 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-04 09:32 . 2009-06-04 09:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-04 09:16 . 2009-06-04 09:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-04 09:16 . 2009-06-04 09:16 -------- d-----w- c:\program files\Lavasoft
2009-06-04 09:16 . 2009-06-03 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-04 08:59 . 2009-06-04 08:55 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-04 08:58 . 2009-06-03 17:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-04 08:55 . 2009-06-04 08:55 -------- d-----w- c:\documents and settings\Brksi\Application Data\URSoft
2009-06-03 12:44 . 2009-04-21 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 11:51 . 2009-06-01 11:51 -------- d-----w- c:\program files\Sonic Foundry MP3 Plug-In
2009-05-25 18:24 . 2009-05-25 18:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 18:24 . 2009-05-25 18:24 -------- d-----w- c:\program files\Java
2009-05-25 18:23 . 2009-05-25 18:23 152576 ----a-w- c:\documents and settings\Brksi\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 12:54 . 2009-05-24 12:54 -------- d-----w- c:\documents and settings\Brksi\Application Data\IDMComp
2009-05-24 12:54 . 2009-05-24 12:54 -------- d-----w- c:\program files\UltraEdit
2009-05-21 19:14 . 2009-04-21 17:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 19:14 . 2009-04-21 17:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 18:00 . 2009-05-19 18:00 -------- d-----w- c:\program files\Web Publish
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\6575VHZT.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\F9JHBJ3V.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\7D71VDVX.DAT
2009-05-19 17:31 . 2009-05-19 17:31 2678 ----a-w- c:\windows\java\Packages\Data\35BZPVL3.DAT
2009-05-13 16:09 . 2009-05-13 16:09 -------- d-----w- c:\program files\Windows Media Components
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_F358EBCB0E76F1E24C436A.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_6FEFF9B68218417F98F549.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_69AA9D68D200DD2F730D86.exe
2009-05-11 19:35 . 2009-05-11 19:35 5430 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{BA28EF74-7FA3-44A9-A4FE-A97CB01311BB}\_386CB149566A2A61863128.exe
2009-05-11 19:35 . 2009-05-11 19:35 -------- d-----w- c:\program files\Readon Technology
2009-05-11 19:33 . 2009-05-11 19:33 182024 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-11 19:33 . 2009-05-11 19:33 -------- d-----w- c:\program files\MSBuild
2009-05-11 19:33 . 2009-05-11 19:33 -------- d-----w- c:\program files\Reference Assemblies
2009-04-24 10:40 . 2009-04-24 10:40 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-04-24 09:52 . 2009-04-24 09:52 26694 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
2009-04-23 13:37 . 2009-04-23 12:30 485 ----a-w- C:\inVHDDrvLog.dat
2009-04-23 13:34 . 2009-04-23 12:27 86016 ----a-w- c:\windows\system32\Dversion.dll
2009-04-23 13:34 . 2009-04-23 12:27 110592 ----a-w- c:\windows\system32\DVC.dll
2009-04-22 21:26 . 2009-04-21 15:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-22 09:36 . 2009-04-22 09:36 61440 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{C619B312-19F3-460A-9F7B-443248379F18}\ARPPRODUCTICON.exe
2009-04-21 19:36 . 2009-04-21 19:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-21 19:14 . 2009-04-21 19:14 131072 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\NewShortcut3_AFF2F374AAE348E5BB3C78305D25D5C4.exe
2009-04-21 19:14 . 2009-04-21 19:14 131072 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\NewShortcut1_AFF2F374AAE348E5BB3C78305D25D5C4.exe
2009-04-21 19:14 . 2009-04-21 19:14 10134 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}\ARPPRODUCTICON.exe
2009-04-21 18:34 . 2009-04-21 18:34 45056 ----a-r- c:\documents and settings\Brksi\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-04-21 17:43 . 2009-04-21 17:43 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-04-21 17:20 . 2007-04-28 13:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-04-21 17:20 . 2009-04-21 17:20 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-04-21 17:20 . 2009-04-21 17:20 682512 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-04-21 17:20 . 2009-04-21 17:20 194320 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2009-04-21 17:20 . 2009-04-21 17:20 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-04-21 17:20 . 2009-04-21 17:20 342544 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-04-21 16:43 . 2009-04-21 16:43 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-04-21 16:23 . 2009-04-21 16:13 100921 ----a-w- c:\windows\hpgins17.dat
2009-04-21 16:23 . 2009-04-21 16:23 128 ----a-w- c:\documents and settings\Brksi\Local Settings\Application Data\fusioncache.dat
2009-04-21 14:58 . 2009-04-21 14:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-05-25 19:17 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]

c:\documents and settings\Brksi\Start Menu\Programs\Startup\
BUG's Birthday Buddy.lnk - c:\program files\BUG Software\Contact.exe [2009-5-19 270336]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2007-7-19 1873280]
WF_RemCtrl.lnk - c:\program files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe [2009-4-21 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4.6.2009 11:17 64160]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 18:08 81688]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [21.4.2009 17:36 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [21.4.2009 17:36 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [21.4.2009 17:36 34789]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 13:58 24344]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [21.4.2009 17:41 9446]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1005904]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-thebat_startup - c:\program files\The Bat!\thebat.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brksi\Application Data\Mozilla\Firefox\Profiles\rjurc5d9.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1280)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(4296)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\program files\Trillian\events.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-07 16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 14:11

Pre-Run: 42.706.382.848 bytes free
Post-Run: 42.756.706.304 bytes free


helen1:

Zip/rar the following: C:\Qoobox, and upload it via this link

http://www.mycity.rs/ambulanta-upload.php

Brksi:

Written: 07 Jul 2009 17:21

The quarantine is too big to attach. I tried to restore some files; btw, I think all the deleted files were legitimate.... and after typing the script

DEQUARANTINE::
C:\Qoobox\Quarantine\C\Program Files\The Bat!\hebat.exe.vi
QUIT::

CF did something, but it didn't restore the exe. Here is the new log


Addendum: 07 Jul 2009 17:45

helen1:

Upload to me: C:\Qoobox\Quarantine\C\WINDOWS\system32\mdm.exe.vir

via the following link:

http://www.mycity.rs/ambulanta-upload.php

Brksi:

What do you suspect............. what has hit me?

helen1:

Brksi wrote: What do you suspect............. what has hit me?

We can't read tea leaves; upload it. :)

Brksi:

This version of Combo is buggy....... uploading now

helen1:

Let me know when you have uploaded it.
