Problem with malware...

Original poster (joined 10 Dec 2009; 46 posts; location: 150 km from Niš, BG 300 km, Kg 250 km...)

Posted: 10 Dec 2010 4:08

CW1 and CW6, are those some kind of viruses?



I removed what was in the AVG log above using TC (Total Commander) and a few other programs! This cw1, cw6 and about 10 programs with names like that, something like bhkgk.exe, then bsdie.exe, some such nonsense, 10 of them, I removed with Total Commander with hidden files shown. Nothing was slowing the machine down while working, except that some strange sound kept appearing for no reason, that sound as if folders were being opened, and nothing else!

But here are the logs from this forum's procedure, so you can see whether anything is still left:

It is 32-bit Windows on my machine!

First, DDS:

DDS (Ver_10-12-05.01) - NTFSx86
Run by Korisnik at 23:55:02,92 on cet 12/09/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1075 [GMT 1:00]

AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.microsoft.com
udefault_page_url = hxxp://www.microsoft.com
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DrvIcon] c:\windows\7sp_files\drive icon\DrvIcon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279208048328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279208792609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BBDemon;Backbone Service;d:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-16 38144]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\pc auto shutdown\ShutdownService.exe [2010-10-29 461928]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-4 30152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2010-4-16 332928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-16 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-16 8456]
S3 SliceDisk5;SliceDisk5; [x]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================


==================== Find3M ====================

2099-08-15 07:36:33 315392 ----a-w- c:\windows\HideWin.exe
2010-11-21 21:36:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-03-09 05:25:10 236 ---ha-w- c:\program files\common files\dx.reg

============= FINISH: 23:55:45,40 ===============



Now the second program, GMER:

You have Log 1, 2, 3!

[GMER logs 1, 2 and 3 were posted as screenshots; the images are not available here]

Third program: I'll do it today, I still owe you that!!! Then you tell me...

Update: 11 Dec 2010 2:20

The third program that I still owed you, I cannot run; that is, when it starts scanning I get this message (blue screen):

A problem has been detected and Windows has been shut down to prevent damage to your computer.
A process or thread crucial to system operation has unexpectedly exited or been terminated.
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

So my Windows won't accept it, and I checked that it is 32-bit!
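As an added example (not part of the original thread, and not one of the tools in the forum's procedure): a small Python triage pass over the kind of lines DDS prints in its "SERVICES / DRIVERS" and "Find3M" sections. The sample lines are copied from the DDS log above and the scan date comes from its header; the three rules (a service hosted in svchost.exe whose ServiceDll the line does not show, a registered service whose binary is missing, a file timestamp later than the scan date) are generic triage heuristics of my own, not a verdict on any of these entries. For what it is worth, the ComboFix report later in this thread lists SSHNAS under the Drivers/Services it removed.

```python
import re
from datetime import date

# Date of the DDS run, taken from the header of the posted log.
SCAN_DATE = date(2010, 12, 9)

# Constructed sample: six lines copied from the DDS log in the post above,
# two of them benign, so that the rules have something not to flag.
SAMPLE_LOG = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-4 30152]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 SliceDisk5;SliceDisk5; [x]
2099-08-15 07:36:33 315392 ----a-w- c:\windows\HideWin.exe
2010-11-21 21:36:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
"""

# "R2 name;display;image [yyyy-m-d size]"  (DDS SERVICES / DRIVERS section)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<stamp>\d{4}-\d{1,2}-\d{1,2})\s+\d+\]$"
)
# Same section, entry whose binary DDS could not find: "S3 name;display; [x]"
ORPHAN_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*\[x\]$")
# "yyyy-mm-dd hh:mm:ss size attrs path"  (DDS Find3M section)
FILE_RE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ \S+ (?P<path>.+)$")


def _parse_stamp(text):
    y, m, d = (int(x) for x in text.split("-"))
    return date(y, m, d)


def triage(log_text, scan_date=SCAN_DATE):
    """Return (item, reason) pairs for lines worth a second look.

    These are triage heuristics, not verdicts: each hit needs a follow-up
    (registry lookup, hash check, vendor lookup) before anything is removed.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image").lower()
            if "\\svchost.exe" in image:
                # The image is the generic host, and the [date size] stamp belongs
                # to svchost.exe itself. The real code is the ServiceDll named under
                # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters, which
                # this line does not show, so it has to be checked separately.
                findings.append((m.group("name"), "hosted in svchost.exe, ServiceDll not shown"))
            continue

        m = ORPHAN_RE.match(line)
        if m:
            # The registry entry survives but the binary is gone (or hidden from DDS).
            findings.append((m.group("name"), "service registered but image file missing ([x])"))
            continue

        m = FILE_RE.match(line)
        if m:
            stamp = _parse_stamp(m.group("stamp"))
            if stamp > scan_date:
                # A modification time after the scan date cannot be genuine; a stamp
                # pushed far into the future keeps a file out of "recently modified"
                # views such as "Created Last 30".
                findings.append((m.group("path"), f"timestamp {stamp} is after scan date {scan_date}"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}: {reason}")
```

Run against the sample it reports SSHNAS, SliceDisk5 and c:\windows\HideWin.exe and stays quiet about the AVG driver, the Viewpoint service and msvcp71.dll. The point of the svchost rule is the one the DDS line hides: the file date shown is that of svchost.exe, so a 2004 stamp says nothing about when the service's DLL arrived.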

diarno (Anti Malware Fighter, Rank 2; joined 15 Jun 2007; 5572 posts)

Greetings...

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
deactivate your protection software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it;
show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the steps;
present a number of prompts/notifications: accept by clicking Yes or OK;
if needed, restart Windows (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

Original poster

Here is the report. I just have to say that I had to uninstall AVG 2011, and only then could the program scan the computer, besides disabling it completely; so here are the results, let me know if I need to do anything else:

ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\PRAVOS~1\PRAVos~1.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

diarno (Anti Malware Fighter, Rank 2)

The log is not complete. If the whole thing does not fit, attach it using the Attach file option.

Original poster

Posted: 11 Dec 2010 22:29

Sorry, my mistake.

Here is the whole thing:


ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\PRAVOS~1\PRAVos~1.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"=
"d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\MartView\\IeEmbed.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/13/2010 9:36 PM 685816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 299984]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [7/11/2003 2:22 PM 14912]
R2 BBDemon;Backbone Service;d:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [9/6/2005 9:11 PM 35840]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4/16/2010 10:59 AM 38144]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [10/29/2010 2:23 AM 461928]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/4/2010 3:38 AM 30152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:42 PM 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/16/2010 9:37 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/16/2010 9:37 PM 8456]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [4/16/2010 10:57 AM 332928]
S3 SliceDisk5;SliceDisk5; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44]

2010-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - e:\hbcd\wintools\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-12-11 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"= ...
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2764)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wscntfy.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2010-12-11 22:01:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 21:01

Pre-Run: 5.349.470.208 bytes free
Post-Run: 5.267.374.080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 73541A9CCB4AB86FE147BD087198030C

Update: 11 Dec 2010 22:34

The log says AVG is running, but I uninstalled it.

Update: 12 Dec 2010 1:27

I deleted AVG; it had been left behind in Program Files, I don't know how, and it was running in Task Manager... While it was running I did the scan with ComboFix!

diarno (Anti Malware Fighter, Rank 2)

What is the state of the computer now...? As for the AV, we'll sort that out.

Original poster

Posted: 13 Dec 2010 1:15

I deleted whatever of the AV I could in Total Commander, but some files wouldn't go! So I booted miniXP and deleted everything that was left! Otherwise the computer is OK, although before it booted in 6 passes of the boot bar and now it needs 10! I don't know, maybe it restored the default registry settings, because I had done that tweaking, switching those values from 0 to 1 and so on so that it would boot faster, and in the startup list it isn't loading any extra program, so I'd like to know why the boot got longer; though it isn't terrible, that's it!

Only, while working (but this has been going on for more than a year), sometimes the screen goes black for 2-3 seconds, then it passes and continues working without problems! I think that has nothing to do with viruses!

Now a little off-topic: how do you delete files from the recycle bin in miniXP, i.e. which folder there is the recycle bin, "recycler"? Sometimes the recycle bin icon on my desktop shows as if there is a file inside, but I deleted everything in it, so I thought I'd kill everything in there.

Update: 13 Dec 2010 1:20

Otherwise I don't use an AV, it annoys me, I don't know why; nothing ever happens to me, except now with the malware, but I hope I've killed them by now, and you now have the sample for analysis!!!

Only if I suspect something do I install an AV, kill it if it's suspicious, and carry on...

diarno (Anti Malware Fighter, Rank 2)

Alright, I won't lecture you, but better safe than sorry.

Yes, it is called RECYCLER, and the file names are of the form dc1, dc2 and so on.



And there is no need to boot miniXP and similar illegal creations for that, since CCleaner has an Empty Recycle Bin option.

Well, that would be it. Do this as well:



ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Regards

Original poster

OK, I'll do it!
