MyCity » Ambulanta -> Arhiva Ambulante » riskware Invader

riskware Invader

Napisano na dan: 21.3.2008

riskware Invader

Sledeća strana

Pagination

Odgovori

brzi16 Poslao: 21 Mar 2008 08:50 Idi na vrh
offline brzi16 Novi MyCity građanin Pridružio: 21 Mar 2008 Poruke: 2	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 8:27:01 AM, on 3/21/2008 Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\SxgTkBar.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\xp\Desktop\Hajackthis\tr3.exe.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE PLEOMAX Web Camera O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{2CBD1293-24D4-42EB-8910-5CA3C77B07B5}: NameServer = 217.23.192.9 217.23.192.14 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Profil

dr_Bora Poslao: 21 Mar 2008 09:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Šta tačno KIS detektuje? Privremeno isključi sav zaštitini softver (KIS, Spyware Terminator, Spyware Doctor) pre pokretanja sledećeg programa. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

brzi16 Poslao: 21 Mar 2008 22:41 Idi na vrh
offline brzi16 Novi MyCity građanin Pridružio: 21 Mar 2008 Poruke: 2	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-03-21.1 - xp 2008-03-21 22:29:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.177 [GMT 1:00] Running from: C:\Documents and Settings\xp\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))) . 2008-03-21 22:20 . 2008-03-21 22:20 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-21 22:18 . 2008-03-21 22:18 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-21 22:16 . 2008-03-21 22:16 <DIR> d-------- C:\Documents and Settings\xp\Application Data\Creative 2008-03-21 22:16 . 2008-03-21 22:16 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-03-21 22:16 . 2008-03-21 22:16 584 --a------ C:\WINDOWS\system32\settings.sfm 2008-03-21 22:15 . 2008-03-21 22:15 22 --a------ C:\WINDOWS\system32\ati64hlp.stb 2008-03-21 22:13 . 2008-03-21 22:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-03-21 22:13 . 2008-03-21 22:13 <DIR> d-------- C:\Program Files\KORG 2008-03-21 22:08 . 2008-03-21 22:08 <DIR> d-------- C:\Program Files\HP 2008-03-21 22:08 . 2008-03-21 22:08 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-03-21 22:08 . 2003-12-11 11:15 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll 2008-03-21 22:08 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-03-21 22:08 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-03-21 22:08 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-03-21 22:08 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2008-03-21 22:08 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-03-21 22:07 . 2008-03-21 22:09 70,107 --a------ C:\WINDOWS\hpdj3740.his 2008-03-21 22:07 . 2008-03-21 22:09 7,196 --a------ C:\WINDOWS\hpdj3740.ini 2008-03-21 22:07 . 2008-03-21 22:07 1,260 --a------ C:\WINDOWS\hpbvspst.his 2008-03-21 22:07 . 2008-03-21 22:07 414 --a------ C:\WINDOWS\hpbvspst.ini 2008-03-21 22:03 . 2008-03-21 22:03 <DIR> d-------- C:\Documents and Settings\xp\Application Data\Ahead 2008-03-21 22:01 . 2008-03-21 22:01 <DIR> d-------- C:\Program Files\Nero 2008-03-21 22:01 . 2008-03-21 22:06 <DIR> d-------- C:\Program Files\Common Files\Ahead . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-21 21:38 198,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-21 21:27 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-03-21 21:27 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-03-21 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-21 21:13 21,792 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-21 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-21 20:58 --------- d-----w C:\Program Files\CyberLink 2008-03-21 20:58 --------- d-----w C:\Documents and Settings\xp\Application Data\CyberLink 2008-03-21 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-21 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-03-21 20:54 --------- d-----w C:\Program Files\Winamp 2008-03-21 20:54 --------- d-----w C:\Documents and Settings\xp\Application Data\Winamp 2008-03-21 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-21 20:48 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-21 20:48 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-21 20:47 --------- d-----w C:\Program Files\Kaspersky Lab 2008-03-21 20:43 --------- d-----w C:\Program Files\Creative 2008-03-21 20:26 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-21 20:18 --------- d-----w C:\Program Files\ATI Technologies 2008-03-21 19:48 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344] "P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-03-30 03:47 40960] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 05:30] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] R3 ZSMC302;PLEOMAX Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-30 03:47] Newly Created Service - CREATIVE_SERVICE_FOR_CDROM_ACCESS Newly Created Service - KL1 . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-03-21 22:38:10 Windows 5.1.2600 Service Pack 3, v.3264 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-03-21 22:39:20

Profil

DEMIAN Poslao: 21 Mar 2008 22:54 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @brzi16 Izvinjavam se što upadam Bori u temu ali odgovori čoveku dok si tu online. Bitno je. Ne bi te pitao da nije. dr_Bora :: Šta tačno KIS detektuje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » riskware Invader

Ko je trenutno na forumu

Ukupno su 1076 korisnika na forumu :: 42 registrovanih, 5 sakrivenih i 1029 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AleksSE, Andrija357, Apok, Arsenije, babaroga, Brana01, delrey, djboj, Djokkinen, Dogma21, doom83, Draganeli, drimer, Georgius, GhostOfSparta480, goxin, havoc995, HogarStrashni, Jakov01, JOntra, krkalon, Krusarac, Kubovac, kybonacci, laki_bb, M1los, mean_machine, mercedesamg, Mercury, milenko crazy north, milos.cbr, Romibrat, skvara, ss10, Stanlio, theNedjeljko, Toper, tubular, Vatreni Zmaj, voja64, šumar bk2, 2001

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by