PDM.Keylogger malware

  • Joined: 16 Mar 2009
  • Posts: 147

Posted: 12 Apr 2010 0:37

I use the Windows Vista OS, and Kaspersky AV reports "PDM.Keylogger driver file Kernel mode memory patch" as malware but cannot delete it. For the past 2 days, every time the computer starts, the AV detects it. The internet connection is via a Telenor 3G modem, Huawei E1550.
Logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 23:44:17.27 on Sun 04/11/2010
Internet Explorer: 7.0.6001.18000
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.1919.1056 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TCP: {EA84F460-76CD-44B1-9C70-1F134A9A3D17} = 217.65.192.1 217.65.192.52
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\system32\branding\folderbg\VistaFolderBackground.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-4-5 103040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2010-4-5 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\usbVM303.sys [2010-4-5 1472768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]

=============== Created Last 30 ================

2010-04-11 17:35:18 0 d-----w- C:\logs
2010-04-11 17:32:57 0 d-----w- c:\program files\Lexmark 2600 Series
2010-04-11 13:47:39 0 d-----w- c:\programdata\App4rTemp
2010-04-08 22:03:00 0 d-----w- c:\users\admini~1\appdata\roaming\Lexmark Productivity Studio
2010-04-08 22:02:01 0 d-----w- c:\program files\Lexmark Tools for Office
2010-04-08 11:41:08 0 d-----w- c:\programdata\Ezprint
2010-04-08 11:39:55 0 d-----w- C:\drivers
2010-04-08 11:30:21 0 d-----w- c:\programdata\lx_Cats
2010-04-07 21:05:03 0 d-----w- c:\program files\Babylon
2010-04-07 21:04:52 0 d-----w- c:\users\admini~1\appdata\roaming\Babylon
2010-04-07 21:04:52 0 d-----w- c:\programdata\Babylon
2010-04-06 18:07:02 189725566 ----a-w- c:\windows\MEMORY.DMP
2010-04-06 07:51:03 0 d-----w- c:\program files\NeoSmart Technologies
2010-04-06 02:38:31 0 d-----w- c:\windows\Panther
2010-04-06 01:57:27 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-06 01:56:01 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-06 01:53:40 0 d-----w- c:\windows\PCHEALTH
2010-04-06 01:51:58 0 d-----w- c:\programdata\Microsoft Help
2010-04-06 01:49:04 0 d-sh--w- c:\windows\Installer
2010-04-06 01:49:04 0 d-----w- c:\programdata\Stardock
2010-04-06 01:48:59 0 d-----w- c:\program files\Stardock
2010-04-05 17:36:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 17:34:09 0 d-----r- c:\program files\Skype
2010-04-05 17:34:05 0 d-----w- c:\programdata\Skype
2010-04-05 17:23:35 0 d-----w- c:\program files\VITSOFT
2010-04-05 17:19:54 0 d-----w- c:\program files\uTorrent
2010-04-05 17:19:25 0 d-----w- c:\users\admini~1\appdata\roaming\uTorrent
2010-04-05 17:15:45 178176 ----a-w- c:\windows\system32\unrar.dll
2010-04-05 17:15:42 0 d-----w- c:\program files\K-Lite Codec Pack
2010-04-05 16:59:57 0 d-----w- c:\program files\Audacity
2010-04-05 16:44:32 0 d-----w- c:\program files\Foxit Software
2010-04-05 16:43:01 61440 ----a-w- c:\program files\usrPX.dll
2010-04-05 16:43:01 49152 ----a-w- c:\program files\_ISREG32.DLL
2010-04-05 16:43:01 294912 ----a-w- c:\program files\APGuitarTuner.exe
2010-04-05 16:43:01 20480 ----a-w- c:\program files\usr.dll
2010-04-05 16:43:01 19968 ----a-w- c:\program files\cpuinf32.dll
2010-04-05 16:43:01 155648 ----a-w- c:\program files\usrA6.dll
2010-04-05 16:43:01 135168 ----a-w- c:\program files\usrM5.dll
2010-04-05 16:43:01 131072 ----a-w- c:\program files\usrM6.dll
2010-04-05 16:43:01 118784 ----a-w- c:\program files\usrP6.dll
2010-04-05 16:41:58 299520 ----a-w- c:\windows\uninst.exe
2010-04-05 02:56:54 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-04-05 02:56:54 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-04-05 02:56:54 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-04-05 02:56:54 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-04-05 02:56:54 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-04-05 02:56:40 0 d-----w- c:\program files\Telenor Internet
2010-04-05 02:56:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-04-05 02:40:02 0 d-----w- c:\program files\Vimicro
2010-04-05 02:23:31 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-04-05 02:22:29 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-05 02:22:29 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-05 02:21:52 0 d-----w- c:\programdata\Kaspersky Lab
2010-04-05 02:21:52 0 d-----w- c:\program files\Kaspersky Lab
2010-04-05 02:20:59 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-05 02:12:33 0 d-----w- c:\program files\GRETECH

==================== Find3M ====================

2010-04-11 17:35:09 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-11 17:35:09 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-11 17:35:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-06 01:44:35 174 --sha-w- c:\program files\desktop.ini
2010-04-05 16:59:20 98 ----a-w- c:\program files\state.txt
2010-04-05 16:58:47 142 ----a-w- c:\program files\errorlog.txt
2010-04-05 16:43:06 2762 ----a-w- c:\program files\DeIsL1.isu
2010-04-05 16:43:01 147 ----a-w- c:\program files\_DEISREG.ISR
2008-04-04 09:50:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2000-07-31 12:42:04 19093 ----a-w- c:\program files\APGTHelp.htm
2000-07-25 10:58:28 1626 ----a-w- c:\program files\preset.txt
2000-07-06 09:37:14 13974 ----a-w- c:\program files\APLogo.bmp
2000-07-06 08:23:34 13974 ----a-w- c:\program files\APLogoOp.bmp
2000-06-06 14:06:28 4194 ----a-w- c:\program files\circle.bmp
2000-06-06 12:20:34 8398 ----a-w- c:\program files\label.bmp
2000-06-05 16:24:44 26082 ----a-w- c:\program files\NumBev.bmp
2000-06-05 16:24:26 26082 ----a-w- c:\program files\NumClr.bmp
2000-06-05 15:42:52 20250 ----a-w- c:\program files\NotesClr.bmp
2000-06-05 15:42:36 20250 ----a-w- c:\program files\NotesBev.bmp
2000-06-05 09:52:46 7014 ----a-w- c:\program files\gBar.bmp
2000-06-05 09:50:20 726 ----a-w- c:\program files\gTic.bmp
2000-06-05 09:07:24 486 ----a-w- c:\program files\string3.bmp
2000-06-05 09:07:24 302 ----a-w- c:\program files\string2.bmp
2000-06-05 09:07:24 302 ----a-w- c:\program files\string1.bmp
2000-05-31 11:46:24 6198 ----a-w- c:\program files\apSmall.bmp
2008-04-04 09:50:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:45:11.61 ===============

[attached screenshot, not available]

Update: 12 Apr 2010 0:42

[attached screenshots, not available]

Update: 12 Apr 2010 0:56

Does anyone know the MFC driver and what it is for?
Here is what the driver folder for Telenor Internet looks like for me:

[attached screenshot, not available]

Kaspersky also flagged that MFC driver as suspicious, but I later unblocked it because Windows could not recognise the internet modem without it.
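A triage helper for the DDS "SERVICES / DRIVERS" section pasted above, added here as an example (it is not the poster's, the forum's or DDS's own code). It parses each service line, including the "[?]" form DDS emits when it cannot stat the image, and flags kernel drivers (.sys) whose file date falls shortly before the scan and whose description merely repeats the service name; the sample lines are constructed in the DDS format with invented names, and a flag is only a candidate for manual review, since a freshly installed hardware driver looks exactly the same.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the DDS "SERVICES / DRIVERS" format (names are invented).
SAMPLE_LOG = r"""
R0 vendorboot;Vendor Boot Guard Driver;c:\windows\system32\drivers\vendorboot.sys [2008-12-15 33808]
R2 printsvc;printsvc;c:\windows\system32\printsvc.exe -service --> c:\windows\system32\printsvc.exe -service [?]
R3 modemusb;Modem USB Driver;c:\windows\system32\drivers\modemusb.sys [2010-4-5 103040]
R3 xyz303;xyz303;c:\windows\system32\drivers\xyz303.sys [2010-4-5 480128]
S2 updater;Updater Service (updater);c:\program files\updater\updater.exe [2010-4-5 136176]
"""

# One line: "<R|S><start type> <name>;<description>;<image path> [<yyyy-m-d> <size>]",
# or "[?]" when DDS could not stat the image (as for printsvc above).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)|\?)\]$"
)


def parse_services(text):
    """Return one dict per parsable service/driver line; date and size are None for '[?]' entries."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["start"] = int(d["start"])
        d["date"] = datetime.strptime(d["date"], "%Y-%m-%d").date() if d["date"] else None
        d["size"] = int(d["size"]) if d["size"] else None
        rows.append(d)
    return rows


def flag_recent_drivers(text, scan_date, window_days=30):
    """Names of kernel drivers (.sys) whose file date falls within window_days before
    scan_date (a 'YYYY-MM-DD' string) and whose description only repeats the service
    name. These are candidates for a manual look, not verdicts."""
    scan = datetime.strptime(scan_date, "%Y-%m-%d").date()
    flagged = []
    for r in parse_services(text):
        is_sys = r["path"].lower().endswith(".sys")
        recent = r["date"] is not None and timedelta(0) <= scan - r["date"] <= timedelta(days=window_days)
        generic = r["desc"].strip().lower() == r["name"].strip().lower()
        if is_sys and recent and generic:
            flagged.append(r["name"])
    return flagged


if __name__ == "__main__":
    for name in flag_recent_drivers(SAMPLE_LOG, "2010-04-11"):
        print("review:", name)
```

Run against a real DDS log, the output is a short list to check against the "Created Last 30" section and the vendor of the matching device, not a list of infections.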

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

It seems we missed this thread... Sorry about that.

Quote: Kaspersky AV reports PDM.Keylogger driver file

The exact name of the detected file?

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • if needed, restart Windows (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click inside the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

Korisnici trenutno na forumu: A.R.Chafee.Jr., acatomic, Bubimir, Centauro, delrey, dragoljub11987, GandorCC, Georgius, Krusarac, Kubovac, Lazarus, Marko Marković, Mcdado, Mihajlo, milenko crazy north, Milos ZA, mkukoleca, moldway, mrvica78, nebkv, novator, Prašinar, procesor, S2M, sabros, Sirius, stegonosa, Stoilkovic, t84dar, Valter071, W123, wizzardone