Posted: 23 Jan 2009 21:08
- Palve
- New MyCity citizen
- Joined: 23 Jan 2009
- Posts: 17
I have Telekom ADSL. When I turn the computer on, in the lower right corner (next to the clock) I get a red shield (I think it is the firewall) that pops up a balloon saying: "Security System has detected spyware infection". Clicking on that "balloon" opens the site http://premiumlivevirusscan.com/promo/1/freescan.php?nu=77100108, which scans the computer by itself and offers me to download
InstallAVg_77100108.exe
If I close that "balloon", after a while and a few more notifications it connects to that site on its own. While the "balloon" is showing I cannot type until I click with the mouse where I am writing.
I have Avira Premium antivirus, which does not find any viruses.
Also, maximized programs get pulled back after a certain time (about 20 sec) or minimized.
Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:59, on 23/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Administrator\Local Settings\Temp\a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Documents and Settings\All Users\Application Data\SearchIn1Step\searchin1172.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\SearchIn1Step\searchin1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\DOCUME~1\Administrator\Local Settings\Temp\~tmpd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\DOCUME~1\Administrator\Local Settings\Temp\~tmpa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\TR3.exe..exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = world.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = auto.search.msn.com/response.asp?MT=deesk+t.....=&utf8
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Administrator\Local Settings\Temp\~tmpa.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Administrator\Local Settings\Temp\a.exe
O4 - HKCU\..\Run: [72203704292835744567060544868685] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A2141D-7AB8-4386-B65D-9957D45F6E58}: NameServer = 212.200.170.33 212.200.170.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: SearchIn1Step Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SearchIn1Step\searchin1172.exe
--
End of file - 7302 bytes
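As an added example (not part of this thread, of HijackThis or of any tool named in it), a small Python triage script that applies the usual reading rules for a HijackThis log to a few lines copied from the log above: Run entries launched from a Temp directory, Run values named with a long digit string, BHOs whose DLL is missing, and services with no publisher. The sample lines are taken from the log; the heuristics and thresholds are constructed for the example.

```python
"""Triage of HijackThis autostart lines (added example, not the forum's or HijackThis's code)."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the HijackThis log above,
# mixing entries that look legitimate with the ones a helper would question.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Administrator\Local Settings\Temp\~tmpa.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Administrator\Local Settings\Temp\a.exe
O4 - HKCU\..\Run: [72203704292835744567060544868685] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: SearchIn1Step Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SearchIn1Step\searchin1172.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
"""

# O4 = registry Run entries, O2 = browser helper objects, O23 = services.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

# Heuristic threshold constructed for this example, not a HijackThis setting.
MIN_RANDOM_DIGITS = 12


def _in_temp(path: str) -> bool:
    """True when the launched file lives under a Temp directory."""
    return "\\temp\\" in path.lower()


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; a clean log yields an empty list."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            if _in_temp(m["cmd"]):
                findings.append({"line": line, "reason": "autostart launched from a Temp directory"})
            if m["name"].isdigit() and len(m["name"]) >= MIN_RANDOM_DIGITS:
                findings.append({"line": line, "reason": "Run value named with a long digit string"})
            continue
        m = BHO_RE.match(line)
        if m:
            if m["path"].strip().lower() == "(no file)":
                findings.append({"line": line, "reason": "BHO registered but its DLL is missing"})
            continue
        m = SVC_RE.match(line)
        if m and m["owner"].strip().lower() == "unknown owner":
            findings.append({"line": line, "reason": "service binary carries no publisher information"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per reason, handy for a quick reply in a thread like this one."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["reason"]] = counts.get(f["reason"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}: {f['line']}")
```

Entries this script leaves alone are not thereby clean; it only surfaces the lines a helper would ask about first.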
Posted: 23 Jan 2009 23:54
- Palve
- New MyCity citizen
- Joined: 23 Jan 2009
- Posts: 17
I don't have that icon in the lower right corner. Do I achieve the same thing if I set the AntiVir Guard option to Deactivate in the Avira window?
Posted: 24 Jan 2009 00:18
- Palve
- New MyCity citizen
- Joined: 23 Jan 2009
- Posts: 17
here it is:
ComboFix 09-01-21.04 - Administrator 2009-01-24 0:04:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.33 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\windows\system32\BaD88IxB.exe.a_a
c:\windows\system32\msxml71.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2018-06-16 20:41 . 2004-08-03 21:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2018-06-16 20:41 . 2004-08-03 21:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
2009-01-17 12:39 . 2009-01-17 12:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-17 12:39 . 2009-01-17 12:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-17 12:20 . 2009-01-17 12:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-16 03:02 . 2009-01-16 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 03:06 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 03:06 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 03:06 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 03:06 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 03:06 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-15 03:06 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-15 03:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-15 03:00 . 2009-01-16 03:07 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-15 03:00 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-14 15:27 . 2009-01-14 15:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2009-01-14 01:04 . 2009-01-17 01:37 69,632 --a------ c:\windows\system32\BaD88IxB.exe
2009-01-07 15:57 . 2009-01-13 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SearchIn1Step
2008-12-28 01:27 . 2008-12-28 01:29 <DIR> d--h----- c:\program files\Zero G Registry
2008-12-28 01:27 . 2008-12-28 01:29 <DIR> d-------- c:\program files\GeoGebra
2008-12-28 01:26 . 2008-12-28 01:26 <DIR> d--h----- c:\documents and settings\Administrator\InstallAnywhere
2008-12-27 15:45 . 2008-12-27 15:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2008-12-27 15:16 . 2008-12-27 15:16 <DIR> d-------- c:\program files\UltraISO
2008-12-27 15:16 . 2008-12-27 15:16 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-12-27 15:07 . 2009-01-22 21:24 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2008-12-25 18:31 . 2009-01-20 15:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-25 14:36 . 2008-12-25 14:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-25 14:35 . 2009-01-23 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-12-25 14:28 . 2009-01-23 09:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-25 07:19 . 2009-01-20 10:38 <DIR> d-------- c:\documents and settings\Administrator
2008-12-24 20:40 . 2008-12-24 20:40 <DIR> d-------- c:\program files\FileZilla Server
2008-12-24 20:26 . 2008-12-24 20:26 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-12-24 20:26 . 2008-12-24 20:38 <DIR> d-------- c:\documents and settings\jeca\Application Data\FileZilla
2008-12-24 18:19 . 2008-12-24 19:29 <DIR> d-------- c:\documents and settings\jeca\dwhelper
2008-12-24 17:49 . 2008-12-24 17:49 <DIR> d-------- c:\windows\Sun
2008-12-24 17:48 . 2004-08-03 22:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-24 17:21 . 2008-12-24 17:23 <DIR> d-------- c:\documents and settings\jeca\Application Data\Winamp
2008-12-24 16:49 . 2009-01-12 02:22 69 --a------ c:\windows\NeroDigital.ini
2008-12-24 14:55 . 2008-12-24 14:55 <DIR> d-------- c:\documents and settings\jeca\Application Data\Locktime
2008-12-24 14:47 . 2008-12-24 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2008-12-24 14:31 . 2008-12-24 14:31 <DIR> d-------- c:\documents and settings\jeca\Application Data\Nero
2008-12-24 14:28 . 2006-03-17 11:45 802,816 --a------ c:\windows\system32\imagXRA7.dll
2008-12-24 14:28 . 2006-03-17 14:49 368,640 --a------ c:\windows\system32\TwnLib4.dll
2008-12-24 14:28 . 2006-03-17 11:45 258,048 --a------ c:\windows\system32\imagXR7.dll
2008-12-24 14:27 . 2008-12-24 14:28 <DIR> d-------- c:\program files\Nero
2008-12-24 14:27 . 2008-12-24 14:28 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-24 14:27 . 2008-12-24 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-24 14:27 . 2006-03-17 11:45 1,757,184 --a------ c:\windows\system32\imagX7.dll
2008-12-24 14:27 . 2006-03-17 11:45 497,296 --a------ c:\windows\system32\imagXpr7.dll
2008-12-24 14:25 . 2009-01-13 19:18 <DIR> d-------- c:\program files\SearchIn1Step
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\program files\MyTorrent Downloader
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\documents and settings\jeca\Application Data\.Torrent Searcher Client
2008-12-24 14:21 . 2008-12-24 20:18 <DIR> d-------- c:\program files\BitLord
2008-12-24 14:20 . 2008-12-24 15:25 <DIR> d-------- c:\program files\BitComet
2008-12-24 14:20 . 2009-01-20 14:47 <DIR> d-------- C:\Downloads
2008-12-24 14:19 . 2008-12-24 14:19 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-12-24 14:19 . 2008-12-24 14:19 <DIR> d-------- c:\documents and settings\jeca\Application Data\Thunderbird
2008-12-24 14:17 . 2008-12-24 14:18 <DIR> d-------- c:\program files\MapSphere
2008-12-24 14:16 . 2008-12-24 14:16 <DIR> d-------- c:\program files\Java
2008-12-24 14:16 . 2006-10-12 03:10 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2008-12-24 14:15 . 2008-12-24 14:15 <DIR> d-------- c:\program files\Common Files\Java
2008-12-24 14:14 . 2008-12-24 14:14 <DIR> d-------- c:\program files\Google
2008-12-24 14:13 . 2009-01-20 14:50 <DIR> d-------- c:\program files\FlashGet
2008-12-24 13:55 . 2008-12-24 17:26 <DIR> d-------- c:\program files\A d r e s e
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:51 --------- d-----w c:\program files\NoAdware5.0
2009-01-17 11:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-04 16:50 --------- d-----w c:\program files\Totalcmd 7.03
2008-12-29 20:14 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 00:32 --------- d-----w c:\program files\Crystal Player
2008-12-25 00:40 --------- d-----w c:\documents and settings\jeca\Application Data\Skype
2008-12-24 23:05 --------- d-----w c:\documents and settings\jeca\Application Data\skypePM
2008-12-24 16:22 --------- d-----w c:\program files\Winamp
2008-12-24 14:27 --------- d-----w c:\program files\Opera
2008-12-24 14:26 --------- d-----w c:\documents and settings\jeca\Application Data\SUPERAntiSpyware.com
2008-12-24 14:18 --------- d-----w c:\documents and settings\jeca\Application Data\uTorrent
2008-12-22 13:01 --------- d-----w c:\program files\uTorrent
2008-12-21 14:16 --------- d-----w c:\program files\Common Files\xing shared
2008-12-21 14:15 --------- d-----w c:\program files\Real
2008-12-21 14:15 --------- d-----w c:\program files\Common Files\Real
2008-12-13 20:26 --------- d-----w c:\program files\Skype
2008-12-13 20:26 --------- d-----w c:\program files\Common Files\Skype
2008-12-13 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-13 10:52 --------- d-----w c:\documents and settings\jeca\Application Data\Avira
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:35 --------- d-----w c:\program files\MSN Messenger
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-06-08 12:17 24,192 ----a-w c:\documents and settings\jeca\usbsermptxp.sys
2008-06-08 12:17 22,768 ----a-w c:\documents and settings\jeca\usbsermpt.sys
2008-04-22 22:40 56 --sh--r c:\windows\system32\2DA480F34A.sys
2008-04-22 22:40 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\mihajlo\\igrice\\Re-volt\\revolt.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\pavle\\igrice\\ARMY MEN\\3DO\\Army Men RTS\\amrts.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15235:TCP"= 15235:TCP:BitComet 15235 TCP
"15235:UDP"= 15235:UDP:BitComet 15235 UDP
R4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-04-22 164097]
R4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-04-22 254209]
R4 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-04-22 41217]
R4 SearchIn1Step Service;SearchIn1Step Service;c:\documents and settings\All Users\Application Data\SearchIn1Step\searchin1172.exe [2009-01-13 4608]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-22 c:\windows\Tasks\At1.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At10.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At100.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At101.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At102.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At103.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At104.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At105.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At106.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At107.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At108.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At109.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At11.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At110.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At111.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At112.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At113.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At114.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At115.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At116.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At117.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At118.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At119.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At12.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At120.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At13.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At14.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At15.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At16.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At17.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At18.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At19.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At2.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At20.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At21.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At22.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At23.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At24.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-22 c:\windows\Tasks\At25.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At26.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At27.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At28.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At29.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At3.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At30.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At31.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At32.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At33.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At34.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At35.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At36.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At37.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At38.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At39.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At4.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At40.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At41.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At42.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At43.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At44.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At45.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At46.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At47.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At48.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-22 c:\windows\Tasks\At49.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At5.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At50.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At51.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At52.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At53.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At54.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At55.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At56.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At57.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At58.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At59.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At6.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At60.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At61.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At62.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At63.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At64.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At65.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At66.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At67.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At68.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At69.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At7.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At70.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At71.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At72.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-22 c:\windows\Tasks\At73.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At74.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At75.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At76.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At77.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At78.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At79.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At8.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At80.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At81.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At82.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At83.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At84.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At85.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At86.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At87.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At88.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At89.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At9.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At90.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At91.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At92.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At93.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At94.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At95.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At96.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-22 c:\windows\Tasks\At97.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At98.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At99.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq59da94.default\
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-24 00:10:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\SearchIn1Step\searchin1.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-24 0:14:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 23:14:50
Pre-Run: 893,370,368 bytes free
Post-Run: 2,763,333,632 bytes free
448 --- E O F --- 2009-01-16 02:07:12
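As an added example (not part of the thread or of ComboFix), a script that parses the "Contents of the 'Scheduled Tasks' folder" format shown in the log above and groups job files by the executable they launch, so that a long run of At*.job entries all pointing at one binary collapses into a single finding instead of 120 lines. The sample entries are a few of the ones from the log; the flag threshold is constructed for the example.

```python
"""Aggregate ComboFix scheduled-task entries by target (added example, not ComboFix's code)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the shape of the "Contents of the 'Scheduled Tasks' folder"
# section above: a few of the At*.job entries plus one ordinary updater task.
SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
2009-01-22 c:\windows\Tasks\At1.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At10.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At100.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\At2.job
- c:\windows\system32\BaD88IxB.exe [2009-01-17 01:37]
2009-01-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")
# AtN.job is the name pattern the legacy at.exe scheduler gives its jobs.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_tasks(text: str) -> List[Tuple[str, str]]:
    """Pair each '<date> <job>' line with the '- <target> [stamp]' line under it."""
    tasks: List[Tuple[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current = m["job"]
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            tasks.append((current, m["target"]))
            current = None
    return tasks


def jobs_per_target(tasks: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group job files by the (case-folded) executable they launch."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for job, target in tasks:
        groups[target.lower()].append(job)
    return dict(groups)


def flag_task_floods(tasks: List[Tuple[str, str]], threshold: int = 3) -> List[Dict[str, object]]:
    """Report any executable launched by `threshold` or more jobs (threshold is constructed)."""
    findings: List[Dict[str, object]] = []
    for target, jobs in jobs_per_target(tasks).items():
        if len(jobs) >= threshold:
            findings.append({
                "target": target,
                "jobs": len(jobs),
                "at_style_jobs": sum(1 for j in jobs if AT_JOB_RE.search(j)),
            })
    return findings


if __name__ == "__main__":
    for f in flag_task_floods(parse_tasks(SAMPLE_TASKS)):
        print(f"{f['target']}: {f['jobs']} jobs ({f['at_style_jobs']} named At*.job)")
```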
Posted: 24 Jan 2009 16:28
- Palve
- New MyCity citizen
- Joined: 23 Jan 2009
- Posts: 17
When ComboFix starts it shows the following warning:
Waring!!
Avira AntiVir PersonalEdition
The above real time scanner(s) are still active but ComboFix shall
continue to run.Kindly note that this is at your own risk.
What should I do now?
Posted: 24 Jan 2009 16:54
- Palve
- New MyCity citizen
- Joined: 23 Jan 2009
- Posts: 17
Yes, I did that, but after turning off that Avira option it still shows the notification:
Waring!!
Avira AntiVir PersonalEdition
The above real time scanner(s) are still active but ComboFix shall
continue to run.Kindly note that this is at your own risk.
Posted: 24 Jan 2009 16:56
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
It doesn't matter, continue with ComboFix even after that warning.