CW1 and CW6, are those some kind of viruses?
I removed these from the AVG log above using TC and a few other programs! This cw1, cw6 and about 10 programs with names like that, something like bhkgk.exe, then bsdie.exe, some 10 pieces of that nonsense; I deleted them with Total Commander with hidden files shown. Nothing was slowing the machine down while working, except that some strange sound kept appearing for no reason during work, a sound like folders being opened, and nothing more!
But here are the logs following this forum's procedure, so you can see whether anything else is left:
It is a 32-bit Windows on my machine!
First, DDS:
DDS (Ver_10-12-05.01) - NTFSx86
Run by Korisnik at 23:55:02,92 on cet 12/09/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1075 [GMT 1:00]
AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.microsoft.com
udefault_page_url = hxxp://www.microsoft.com
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DrvIcon] c:\windows\7sp_files\drive icon\DrvIcon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279208048328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279208792609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BBDemon;Backbone Service;d:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-16 38144]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\pc auto shutdown\ShutdownService.exe [2010-10-29 461928]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-4 30152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2010-4-16 332928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-16 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-16 8456]
S3 SliceDisk5;SliceDisk5; [x]
=============== File Associations ===============
=============== Created Last 30 ================
==================== Find3M ====================
2099-08-15 07:36:33 315392 ----a-w- c:\windows\HideWin.exe
2010-11-21 21:36:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-03-09 05:25:10 236 ---ha-w- c:\program files\common files\dx.reg
============= FINISH: 23:55:45,40 ===============
Now the second program, GMER:
You have Log 1, 2, 3!
Third program: I will do it today, that one I still owe you!!! Then you tell me...
Update: 11 Dec 2010 2:20
The third program that I still owed you I cannot run; that is, when it starts scanning I get this notification (blue screen):
A problem has been detected and Windows has been shut down to prevent damage to this computer!
A process or thread crucial to system operation has unexpectedly exited or been terminated.
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware and software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
So my Windows will not accept it, and I checked that it is 32-bit!
Here is the report; I just want to say that I had to uninstall AVG 2011, only then could the program scan the computer, besides that complete shutdown. So here are the results; let me know if I need to do anything else:
ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
The log is not complete. If the whole thing cannot fit, attach it using the "attach file" option.
Written: 11 Dec 2010 22:29
I apologize, my mistake.
Here is the whole thing:
ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\MartView\\IeEmbed.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/13/2010 9:36 PM 685816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 299984]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [7/11/2003 2:22 PM 14912]
R2 BBDemon;Backbone Service;d:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [9/6/2005 9:11 PM 35840]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4/16/2010 10:59 AM 38144]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [10/29/2010 2:23 AM 461928]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/4/2010 3:38 AM 30152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:42 PM 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/16/2010 9:37 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/16/2010 9:37 PM 8456]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [4/16/2010 10:57 AM 332928]
S3 SliceDisk5;SliceDisk5; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Contents of the 'Scheduled Tasks' folder
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44]
2010-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
------- Supplementary Scan -------
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
------- File Associations -------
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - e:\hbcd\wintools\HijackThis.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-12-11 21:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2764)
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
------------------------ Other Running Processes ------------------------
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe
Completion time: 2010-12-11 22:01:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 21:01
Pre-Run: 5.349.470.208 bytes free
Post-Run: 5.267.374.080 bytes free
[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 73541A9CCB4AB86FE147BD087198030C
Update: 11 Dec 2010 22:34
The log says AVG is running, but I uninstalled it.
Update: 12 Dec 2010 1:27
I deleted AVG; it had remained in Program Files, I don't know how, and it was running in Task Manager... While it was running, I did the scan with ComboFix!
I deleted what I could of the AV in Total Commander, but some files wouldn't go! So I booted with miniXP and deleted everything else! Otherwise, the computer is OK, although before it booted the system in 6 passes of the boot bar, and now it needs 10! I don't know, maybe it restored those default settings in the registry, because I had done that tweaking, switching those numbers from 0 to 1 and so on, so it would boot faster; and in the startup list it isn't loading any extra program, so I would know why the boot got longer. Though it isn't terrible, that's it!
Only, sometimes during work, but that has been going on for more than a year, the screen goes black for about 2-3 seconds, then it passes and continues working without problems! I think that has nothing to do with viruses!
Now a small off-topic: how do you delete files from the recycle bin in miniXP, that is, which folder there is the bin, Recycle Bin or Recycler? Sometimes on the desktop the bin icon shows as if I have some file in it, but I deleted everything inside, so I thought I'd kill everything in it.
Update: 13 Dec 2010 1:20
Otherwise I don't use an AV, it annoys me, I don't know why, and nothing ever happens to me, except now with this malware, but I hope I have killed them by now, and you now have a sample for analysis!!!
Only if I suspect something, I install an AV, kill it if it's suspicious, and carry on...
Ok, I'll do it!