riskware Invader

  • brzi16
  • New MyCity citizen
  • Joined: 21 Mar 2008
  • Posts: 2

Logfile of HijackThis v1.99.1
Scan saved at 8:27:01 AM, on 3/21/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xp\Desktop\Hajackthis\tr3.exe.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE PLEOMAX Web Camera
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CBD1293-24D4-42EB-8910-5CA3C77B07B5}: NameServer = 217.23.192.9 217.23.192.14
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

What exactly does KIS detect?

Temporarily disable all protection software (KIS, Spyware Terminator, Spyware Doctor) before running the following program.

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.

Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.


  • brzi16
  • New MyCity citizen
  • Joined: 21 Mar 2008
  • Posts: 2

ComboFix 08-03-21.1 - xp 2008-03-21 22:29:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.177 [GMT 1:00]
Running from: C:\Documents and Settings\xp\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 22:20 . 2008-03-21 22:20 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-21 22:18 . 2008-03-21 22:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-21 22:16 . 2008-03-21 22:16 <DIR> d-------- C:\Documents and Settings\xp\Application Data\Creative
2008-03-21 22:16 . 2008-03-21 22:16 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-03-21 22:16 . 2008-03-21 22:16 584 --a------ C:\WINDOWS\system32\settings.sfm
2008-03-21 22:15 . 2008-03-21 22:15 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-03-21 22:13 . 2008-03-21 22:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-21 22:13 . 2008-03-21 22:13 <DIR> d-------- C:\Program Files\KORG
2008-03-21 22:08 . 2008-03-21 22:08 <DIR> d-------- C:\Program Files\HP
2008-03-21 22:08 . 2008-03-21 22:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-21 22:08 . 2003-12-11 11:15 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2008-03-21 22:08 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-21 22:08 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-21 22:08 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-21 22:08 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2008-03-21 22:08 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-03-21 22:07 . 2008-03-21 22:09 70,107 --a------ C:\WINDOWS\hpdj3740.his
2008-03-21 22:07 . 2008-03-21 22:09 7,196 --a------ C:\WINDOWS\hpdj3740.ini
2008-03-21 22:07 . 2008-03-21 22:07 1,260 --a------ C:\WINDOWS\hpbvspst.his
2008-03-21 22:07 . 2008-03-21 22:07 414 --a------ C:\WINDOWS\hpbvspst.ini
2008-03-21 22:03 . 2008-03-21 22:03 <DIR> d-------- C:\Documents and Settings\xp\Application Data\Ahead
2008-03-21 22:01 . 2008-03-21 22:01 <DIR> d-------- C:\Program Files\Nero
2008-03-21 22:01 . 2008-03-21 22:06 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 21:38 198,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-21 21:27 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-21 21:27 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-21 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-21 21:13 21,792 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-21 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 20:58 --------- d-----w C:\Program Files\CyberLink
2008-03-21 20:58 --------- d-----w C:\Documents and Settings\xp\Application Data\CyberLink
2008-03-21 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-21 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-21 20:54 --------- d-----w C:\Program Files\Winamp
2008-03-21 20:54 --------- d-----w C:\Documents and Settings\xp\Application Data\Winamp
2008-03-21 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-21 20:48 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-21 20:48 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-21 20:47 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-21 20:43 --------- d-----w C:\Program Files\Creative
2008-03-21 20:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 20:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 19:48 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-03-30 03:47 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 05:30]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 ZSMC302;PLEOMAX Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-30 03:47]

*Newly Created Service* - CREATIVE_SERVICE_FOR_CDROM_ACCESS
*Newly Created Service* - KL1
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-03-21 22:38:10
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 22:39:20

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

@brzi16
Sorry for butting into Bora's thread, but answer the man while you are online. It matters. He would not ask if it did not.
dr_Bora ::
What exactly does KIS detect?
