[ Milos911 @ 22.10.2009. 14:31 ] @
I plugged in a friend's flash drive that had some virus on it which spreads via an autorun.inf file. What should I do and how do I remove it?
I barely managed to get back in to add to this post. Task Manager doesn't work. I'm not using any antivirus. What should I do?
Here's another problem: Picasa gives me an error:
Microsoft Visual c++
Runtime error!
r6002
-floating support point not loaded

[This message was edited by Milos911 on 22.10.2009. at 15:47 GMT+1]

[This message was edited by Milos911 on 22.10.2009. at 18:27 GMT+1]
[ Zoran Rodic @ 22.10.2009. 17:33 ] @
Ah, what now?
Well, nothing to it, you'll have to install some AV and a few other tools to remove that

Download DrWeb or the ESET NOD32 Antivirus 4 trial and scan the computer.

While you're at it, it wouldn't hurt to download Malwarebytes too

If you still have problems after that, post us an HJT log

Once you've cleaned that up, settle on an AV and disable Autorun in Windows

That's it, for a start
[ drvlada75 @ 22.10.2009. 18:30 ] @
Can you get into Safe Mode? If not, it looks like the Sality / Conficker virus, but I don't want to guess...
[ Milos911 @ 22.10.2009. 21:19 ] @
I don't know about Safe Mode, I'll check. I'm downloading Kaspersky since I have a free 1-year subscription anyway. But it looks like it won't work. I installed a slightly older version but it won't start. Looks like I'll have to install another system :(
Since Kaspersky will take until tomorrow to download, here's the HijackThis log for now:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:18 PM, on 10/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
C:\Programi\Hard Disk Sentinel\HDSentinel.exe
F:\Program Files\WinFast\WFDTV\DTVSchdl.exe
F:\Program Files\NetWorx\networx.exe
F:\Program Files\ASUS\GamerOSD\GamerOSD.exe
F:\WINDOWS\system32\RUNDLL32.EXE
C:\Programi\Internet Download Manager\IDMan.exe
F:\Program Files\WinFast\WFDTV\WFWIZ.exe
F:\WINDOWS\system32\ctfmon.exe
C:\hardware\tv-karta\WF_RemCtrl_1.058\WF_RemCtrl.exe
F:\WINDOWS\ATKKBService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\oodag.exe
c:\Programs\Parallels Workstation\PRLDHCP.exe
F:\WINDOWS\System32\TUProgSt.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programi\Internet Download Manager\IEMonitor.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programi\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - F:\Program Files\BPK\bpkwb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {80F1B0D1-9425-4197-8B12-3FA84C28F7F7} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: (no name) - {F60E0A4F-7DDD-4345-A0F3-29FC1F088D6D} - (no file)
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - F:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Programi\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [WinFastDTV] F:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NetWorx] "F:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [ASUSGamerOSD] F:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [WinFast Schedule] F:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Shortcut to WF_RemCtrl.exe.lnk = C:\hardware\tv-karta\WF_RemCtrl_1.058\WF_RemCtrl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Programi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Programi\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs:  ,F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: khfEUoOi - khfEUoOi.dll (file missing)
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - F:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - F:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - F:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - F:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Parallels Software International, Inc. - c:\Programs\Parallels Workstation\PRLDHCP.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - c:\Programi\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - F:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - F:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8166 bytes
[ kristi1 @ 22.10.2009. 21:38 ] @
Milos, download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe to the desktop
Turn off the AV and run CF from the desktop
Yes/OK to everything it asks.
When the scan finishes it will produce a log file, which you should copy here.

edit: did you install a keylogger?
[ Milos911 @ 23.10.2009. 09:51 ] @
Kaspersky doesn't work. I can't install it on the infected system because it throws an error; on the other system I already have it installed but it keeps restarting. ComboFix can't start because it reports a "don't send" error. Avast doesn't work either. Safe Mode doesn't work. Kaspersky.com doesn't work... Damn.
I installed the keylogger myself...
[ kristi1 @ 23.10.2009. 10:16 ] @
Most likely you've run into a file infector; the first thing it infects is the antivirus, then it spreads to all partitions. In your case the system has practically collapsed. Even if it could be cleaned, I don't believe you'd be able to boot Windows. The only solution is to format C, and under no circumstances open the other partitions. Install some AV right away and run a full scan.
Nothing can be seen from the HJT log; it's an old program that hasn't been updated in years, so this is just my guess based on what you wrote.
How you infected both systems I don't know, possibly via the flash drive, so you'll have to format that too.
[ valjan @ 23.10.2009. 10:28 ] @
What is that "don't send" error? Obviously some trojan is blocking the AV programs, so it might be best to try bringing in the "commandos" like Dr.Web CureIt! or to try installing Malwarebytes' Anti-Malware or SUPERAntiSpyware. Start with Dr.Web since it doesn't need installing and has the best chance of getting around that block, and if nothing works, let us know so we can try further.
[ Dashkes @ 23.10.2009. 11:08 ] @
Check the following items and click “Fix checked”
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - F:\Program Files\BPK\bpkwb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {80F1B0D1-9425-4197-8B12-3FA84C28F7F7} - (no file)
O2 - BHO: (no name) - {F60E0A4F-7DDD-4345-A0F3-29FC1F088D6D} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: khfEUoOi - khfEUoOi.dll (file missing)
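As an added example (not HijackThis itself and not code posted by anyone in this thread), here is a small Python triage that applies the same rules a responder uses when picking entries like the ones above: a BHO with "(no file)", a policy line that disables Regedit or Task Manager, a Winlogon Notify entry whose DLL is missing or randomly named, the regsvr32 RunOnce leftovers, and services with no owner. The sample lines are constructed from the two logs in this thread; the severities and the case-switch heuristic for random names are my assumptions, not anything HijackThis reports.

```python
"""Triage HijackThis log entries the way the replies in this thread do."""
import re

# Constructed sample: a handful of lines in HijackThis format, modelled on the
# two logs posted in this thread (not a complete log).
SAMPLE_LOG = """\
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Programi\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{C8146A04-8855-41C5-8279-0A4E9BE0F126}: NameServer = 10.20.31.253 10.20.0.254
O20 - Winlogon Notify: khfEUoOi - khfEUoOi.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\\PROGRA~1\\ATIMUL~1\\RemCtrl\\x10nets.exe (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")   # "O20 - Winlogon Notify: ..." style lines
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def case_transitions(name):
    """Count lower<->upper switches; generated names like khfEUoOi switch often."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())


def triage_line(line):
    """Return (severity, reason) for one entry, or None if nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    if section == "O2" and low.endswith("(no file)"):
        return ("low", "orphaned BHO registration (no file): safe to fix")
    if section == "O4" and "runonce" in low and "regsvr32 /s /n /i:u shell32" in low:
        return ("low", "regsvr32 shell32 RunOnce leftover: harmless, fix as advised")
    if section == "O7" and ("disableregedit=1" in low or "disabletaskmgr=1" in low):
        return ("high", "policy locks out an admin tool (Regedit/Task Manager): typical of malware")
    if section == "O20" and "winlogon notify" in low:
        name = body.split(":", 1)[1].split(" - ")[0].strip()
        if "(file missing)" in low:
            return ("high", f"Winlogon Notify '{name}' points at a missing DLL: dead hook, remove")
        if case_transitions(name) >= 4:   # heuristic threshold, an assumption
            return ("high", f"Winlogon Notify '{name}' has a random-looking name: review")
        return ("info", f"Winlogon Notify '{name}' present: confirm it belongs to installed software")
    if section == "O23" and ("unknown owner" in low or "(file missing)" in low):
        return ("medium", "service with no owner or missing binary: verify against installed software")
    if section == "O17":
        return ("info", "custom DNS server set: confirm it is your ISP/LAN resolver")
    return None


def triage(log_text):
    """Return (severity, section, reason, line) tuples, most severe first."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        verdict = triage_line(line)
        if verdict:
            out.append((verdict[0], m.group(1), verdict[1], line.strip()))
    return sorted(out, key=lambda f: ORDER[f[0]])


if __name__ == "__main__":
    for sev, sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {reason}\n         {line}")
```

Run it on a saved hijackthis.log by reading the file into `triage()`; everything it does not flag (the NVIDIA service, SoundMan, the IDM BHO) is left for manual review, which is the same split the replies in this thread make.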
[ Milos911 @ 23.10.2009. 15:44 ] @
ComboFix deleted some files on the new system but wouldn't produce a log.
valjan, I can't format C because my hard drive is full and I have no backup. By the "don't send" error I meant that window Windows pops up when some error occurs, the one with "Send error report" and "Don't send".
Since everything is infected (two partitions (I don't know about the other two)), should I install the system on some old hard drive I have, together with these antiviruses, and then clean this drive from there? That way I wouldn't have to format these partitions.
Dashkes, I can't run HijackThis.
[ kristi1 @ 23.10.2009. 17:32 ] @
Can you boot Windows at all and access, say, C:\Combofix.txt? That's where the log should be if you ran CF.
If you can't start Windows at all, download the Live CD ftp://ftp.drweb.com/pub/drweb/livecd/20091016042001/
Burn it so it's bootable and scan the whole system.
[ Milos911 @ 23.10.2009. 21:54 ] @
I can access Windows. I just couldn't run some programs or do everything else written above. Dr.Web won't work; it throws the error shown in the attached picture named drweb (I don't know how to post a thumbnail). I installed Malwarebytes' Anti-Malware (picture malware.jpg) and it deleted a couple of viruses and registry entries and "turned on" Task Manager again. Now I'm running a full scan and then I'll rotate 2-3 antiviruses to see if they find anything else.
[ Milan86 @ 23.10.2009. 21:58 ] @
Try this too: http://www.free-av.com/en/tool...ira_antivir_rescue_system.html
[ Milos911 @ 24.10.2009. 13:44 ] @
Thanks for the link but no need :) I have the Sality.AA virus, Kaspersky is killing it now :D It found 206 viruses and is still looking. The worst part is that Sality infected all my exe files (most of them)...
If anyone's interested, here's the description of the virus:
Code:

Description
Win32/Sality.AA is a polymorphic virus that infects Win32 PE executable files.

Method of Infection

When executed, Win32/Sality.AA drops a malicious component file to:

%System%\drivers\<random filename>.sys

This component is a device driver that acts as a 'rootkit' at kernel level; it allows the virus to hide itself in the compromised system by changing data structures in the kernel and hiding its malicious activity. This 'rootkit' method only functions on Windows NT-based operating systems, such as NT/2000/XP/2003.

Sality.AA also adds the following registry entry as a part of the device driver installation routine:

HKLM\SYSTEM\CurrentControlSet\Services\abp470n5  

It adds the following text to the "system.ini" file located in the %Windows% directory:

[MCIDRV_VER]
DEVICEMB=<random number>

It also adds the following registry key with numerous random subkeys and entries needed for its malicious routine:

HKCU\Software\<computer name><3 random numbers>

For example:

HKCU\Software\JohnSmith498

Note: %System% and %Windows% are variable locations. The malware determines the location of these folders by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95, 98 and ME is C:\Windows\System; and for XP is C:\Windows\System32. The default installation location for the Windows directory for Windows 2000 and NT is C:\Winnt; for 95, 98 and ME is C:\Windows; and for XP and Vista is C:\Windows.

Method of Distribution
Via File Infection

Win32/Sality.AA is a polymorphic virus that attempts to spread by file infection. It looks for Win32 PE executable files with .EXE or .SCR file extensions, and infects any such files found on the system by appending the virus body to the host file.

Via Networks/Removable Drives

The virus also attempts to propagate by copying itself with a random filename to network drives, including all removable disk drives. Sality.AA also creates an "autorun.inf" file in these drives so that the virus executes when it is accessed.

Payload
Downloads Additional Malware

Sality.AA contacts the following domains in order to download additional malware onto the system:

89.119.67.154
bjerm.mass.hc.ru
klkjwre77638dfqwieuoi888.info
kukutrustnet777.info
kukutrustnet777888.info
kukutrustnet888.info
kukutrustnet987.info
lpbmx.ru
mattfoll.eu.interia.pl
st1.dist.su.lt
www.klkjwre9fqwieluoi.info

Deletes Files

Sality.AA may delete files on the system that have either of the following file extensions:

.VDB
.AVC

Deletes Registry Entries

Win32/Sality.AA deletes registry entries found in any of the following registry subkeys:

HKCU\System\CurrentControlSet\Control\SafeBoot
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Modifies System Settings / Lowers Security Settings

Sality.AA bypasses the system firewall by executing the command:

netsh firewall set opmode disable

and modifying the following registry entries:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"<infected filename>" = "<infected filename>:*:Enabled:ipsec"
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Setting\GlobalUserOffline = 0

It may also disable settings related to system security. It does this by adding the following registry entries:

HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify = dword:00000001

The virus sets the following registry entry so that hidden folders and files are not displayed in Windows Explorer view:
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 2

It also disables Registry Editor and Task Manager by adding these registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr = dword:00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools = dword:00000001

Terminates Services

Sality.AA terminates services running on the system that have the following names:

acssrv
Agnitum Client Security Service
Amon monitor
aswFsBlk
aswMon2
aswRdr
aswSP
aswTdi
aswUpdSv
AV Engine
avast! Antivirus
avast! Asynchronous Virus Monitor
avast! iAVS4 Control Service
avast! Mail Scanner
avast! Self Protection
avast! Web Scanner
AVG E-mail Scanner
Avira AntiVir Premium Guard
Avira AntiVir Premium MailGuard
Avira AntiVir Premium WebGuard
BackWeb Plug-in - 4476822
BGLiveSvc
BlackICE
CAISafe
ccEvtMgr
ccProxy
ccSetMgr
Eset HTTP Server
Eset Personal Firewall
Eset Service
F-Prot Antivirus Update Monitor
F-Secure Gatekeeper Handler Starter
fsbwsys
FSDFWD
Google Online Services
InoRPC
InoRT
InoTask
ISSVC
LavasoftFirewall
LIVESRV
McAfeeFramework
McShield
McTaskManager
navapsvc
NOD32krn
NPFMntor
NSCService
Outpost Firewall main module
OutpostFirewall
PAVFIRES
PAVFNSVR
PavProt
PavPrSrv
PAVSRV
PcCtlCom
PersonalFirewal
PREVSRV
ProtoPort Firewall service
PSIMSVC
RapApp
SavRoam
SmcService
SNDSrvc
SPBBCSvc
SpIDer FS Monitor for Windows NT
SpIDer Guard File System Monitor
SPIDERNT
Symantec AntiVirus
Symantec AntiVirus Definition Watcher
Symantec Core LC
Symantec Password Validation
tcpsr
Tmntsrv
TmPfw
tmproxy
UmxAgent
UmxCfg
UmxLU
UmxPol
vsmon
VSSERV
WebrootDesktopFirewallDataService
WebrootFirewall
XCOMM

Terminates Processes / Deletes Files

Win32/Sality.AA terminates any process and/or deletes files with filenames that contain any of the following strings.

_AVPM.
A2GUARD.
AAVSHIELD.
AVAST
ADVCHK.
AHNSD.
AIRDEFENSE
ALERTSVC
ALOGSERV
ALSVC.
AMON.
ANTI-TROJAN.
ANTIVIR
APVXDWIN.
ARMOR2NET.
ASHAVAST.
ASHDISP.
ASHENHCD.
ASHMAISV.
ASHPOPWZ.
ASHSERV.
ASHSIMPL.
ASHSKPCK.
ASHWEBSV.
ASWUPDSV.
ATCON.
ATUPDATER.
ATWATCH.
AVCIMAN.
AVCONSOL.
AVENGINE.
AVESVC.
AVGAMSVR.
AVGCC.
AVGCC32.
AVGCTRL.
AVGEMC.
AVGFWSRV.
AVGNT.
AVGNTDD
AVGNTMGR
AVGSERV.
AVGUARD.
AVGUPSVC.
AVINITNT.
AVKSERV.
AVKSERVICE.
AVKWCTL.
AVP32.
AVPCC.
AVPM.
AVAST
AVSERVER.
AVSCHED32.
AVSYNMGR.
AVWUPD32.
AVWUPSRV.
AVXMONITOR9X.
AVXMONITORNT.
AVXQUAR.
BDMCON.
BDNEWS.
BDSUBMIT.
BDSWITCH.
BLACKD.
BLACKICE.
CAFIX.
CCAPP.
CCEVTMGR.
CCPROXY.
CCSETMGR.
CFIAUDIT.
CLAMTRAY.
CLAMWIN.
CLAW95.
CUREIT
DEFWATCH.
DRVIRUS.
DRWADINS.
DRWEB32W.
DRWEBSCD.
DRWEBUPW.
DWEBLLIO
DWEBIO
ESCANH95.
ESCANHNT.
EWIDOCTRL.
EZANTIVIRUSREGISTRATIONCHECK.
F-AGNT95.
FAMEH32.
FILEMON
FIRESVC.
FIRETRAY.
FIREWALL.
FPAVUPDM.
F-PROT95.
FRESHCLAM.
EKRN.
FSAV32.
FSAVGUI.
FSBWSYS.
F-SCHED.
FSDFWD.
FSGK32.
FSGK32ST.
FSGUIEXE.
FSMA32.
FSMB32.
FSPEX.
FSSM32.
F-STOPW.
GCASDTSERV.
GCASSERV.
GIANTANTISPYWAREMAIN.
GIANTANTISPYWAREUPDATER.
GUARDGUI.
GUARDNT.
HREGMON.
HRRES.
HSOCKPE.
HUPDATE.
IAMAPP.
IAMSERV.
ICLOAD95.
ICLOADNT.
ICMON.
ICSSUPPNT.
ICSUPP95.
ICSUPPNT.
IFACE.
INETUPD.
INOCIT.
INORPC.
INORT.
INOTASK.
INOUPTNG.
IOMON98.
ISAFE.
ISATRAY.
ISRV95.
ISSVC.
KAVMM.
KAVPF.
KAVPFW.
KAVSTART.
KAVSVC.
KAVSVCUI.
KMAILMON.
KPFWSVC.
MCAGENT.
MCMNHDLR.
MCREGWIZ.
MCUPDATE.
MCVSSHLD.
MINILOG.
MYAGTSVC.
MYAGTTRY.
NAVAPSVC.
NAVAPW32.
NAVLU32.
NAVW32.
NOD32
NEOWATCHLOG.
NEOWATCHTRAY.
NISSERV
NISUM.
NMAIN.
NOD32
NORMIST.
NOTSTART.
NPAVTRAY.
NPFMNTOR.
NPFMSG.
NPROTECT.
NSCHED32.
NSMDTR.
NSSSERV.
NSSTRAY.
NTRTSCAN.
NTOS.
NTXCONFIG.
NUPGRADE.
NVCOD.
NVCTE.
NVCUT.
NWSERVICE.
OFCPFWSVC.
OUTPOST
OP_MON.
PAVFIRES.
PAVFNSVR.
PAVKRE.
PAVPROT.
PAVPROXY.
PAVPRSRV.
PAVSRV51.
PAVSS.
PCCGUIDE.
PCCIOMON.
PCCNTMON.
PCCPFW.
PCCTLCOM.
PCTAV.
PERSFW.
PERTSK.
PERVAC.
PNMSRV.
POP3TRAP.
POPROXY.
PREVSRV.
PSIMSVC.
QHM32.
QHONLINE.
QHONSVC.
QHPF.
QHWSCSVC.
RAVMON.
RAVTIMER.
AVGNT
AVCENTER.
RFWMAIN.
RTVSCAN.
RTVSCN95.
RULAUNCH.
SAVADMINSERVICE.
SAVMAIN.
SAVPROGRESS.
SAVSCAN.
SCANNINGPROCESS.
CUREIT
SDHELP.
SHSTAT.
SITECLI.
SPBBCSVC.
SPHINX.
SPIDERCPL.
SPIDERML.
SPIDERNT.
SPIDERUI.
SPYBOTSD.
SPYXX.
SS3EDIT.
STOPSIGNAV.
SWAGENT.
SWDOCTOR.
SWNETSUP.
SYMLCSVC.
SYMPROXYSVC.
SYMSPORT.
SYMWSC.
SYNMGR.
TAUMON.
TBMON.
AVAST
TFAK.
THAV.
THSM.
TMAS.
TMLISTEN.
TMNTSRV.
TMPFW.
TMPROXY.
TNBUTIL.
TRJSCAN.
UP2DATE.
VBA32ECM.
VBA32IFS.
VBA32LDR.
VBA32PP3.
VBSNTW.
VCHK.
VCRMON.
VETTRAY.
VIRUSKEEPER.
VPTRAY.
VRFWSVC.
VRMONNT.
VRMONSVC.
VRRW32.
VSECOMR.
VSHWIN32.
VSMON.
VSSERV.
VSSTAT.
WATCHDOG.
WEBPROXY.
WEBSCANX.
WEBTRAP.
WGFE95.
WINAW32.
WINROUTE.
WINSS.
WINSSNOTIFY.
WRCTRL.
XCOMMSVR.
ZAUINST
ZLCLIENT
ZONEALARM

Prevents Access to Websites

The dropped .SYS file also acts as an "IP Traffic Filter Device Driver" that has the capability to block access to any domains or websites that contain the following strings in their names:

upload_virus
sality-remov
virusinfo.
cureit.
drweb.
onlinescan.
spywareinfo.
ewido.
virusscan.
windowsecurity.
spywareguide.
bitdefender.
pandasoftware.
agnmitum.
virustotal.
sophos.
trendmicro.
etrust.com
symantec.
mcafee.
f-secure.
eset.com
kaspersky

For additional information:

The device driver is not dropped and installed onto the system unless there is an active internet connection.

The virus may prevent execution of applications that perform an integrity self-check as a result of them being infected.


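The description above lists concrete artifacts a responder can check for without running the infected executables: the Security Center override values, the DisableTaskMgr/DisableRegistryTools policies, the emptied SafeBoot keys (which is why Safe Mode stops working), the abp470n5 service, the [MCIDRV_VER] section in system.ini, the firewall exceptions, the HKCU\Software\<computer name><3 digits> key and the autorun.inf dropped on removable drives. As an added example (not code from the thread, the vendor write-up or any AV product), here is a Python checker that takes a registry export flattened into a dict plus the two text files and reports which of those indicators are present. The computer name "MILOSPC", the DEVICEMB number, the "qkerb.exe" filename and the firewall exception path are constructed sample data, as is the snapshot itself; on a real case the dict would be filled from reg.exe exports or an offline hive.

```python
"""Check for the Win32/Sality.AA indicators listed in the description above."""
import re

SEC_CENTER = r"HKLM\SOFTWARE\Microsoft\Security Center"
OVERRIDES = ("AntiVirusOverride", "AntiVirusDisableNotify", "FirewallDisableNotify",
             "FirewallOverride", "UpdatesDisableNotify", "UacDisableNotify")
POLICY_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"
HIDDEN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
SAFEBOOT = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"
SALITY_SVC = r"HKLM\SYSTEM\CurrentControlSet\Services\abp470n5"
FW_LIST = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
           r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
ORDER = {"high": 0, "medium": 1, "low": 2}


def check_registry(snapshot, computer_name):
    """snapshot: dict 'HIVE\\key path\\value name' -> value. Returns (severity, finding)."""
    reg = {k.lower(): v for k, v in snapshot.items()}  # registry paths are case-insensitive

    def val(path):
        return reg.get(path.lower())

    def has_subtree(prefix):
        return any(k.startswith(prefix.lower() + "\\") for k in reg)

    findings = []
    # Security Center overrides forced on, under the root key and under Svc.
    for base in (SEC_CENTER, SEC_CENTER + r"\Svc"):
        hit = [n for n in OVERRIDES if val(base + "\\" + n) == 1]
        if hit:
            findings.append(("high", f"Security Center overrides under {base}: {', '.join(hit)}"))
    # Admin tools locked out: the "Task Manager doesn't work" symptom from the first post.
    if val(POLICY_HKCU + r"\DisableTaskMgr") == 1:
        findings.append(("high", "Task Manager disabled by policy (DisableTaskMgr=1)"))
    if val(POLICY_HKCU + r"\DisableRegistryTools") == 1:
        findings.append(("high", "Registry Editor disabled by policy (DisableRegistryTools=1)"))
    if val(POLICY_HKLM + r"\EnableLUA") == 0:
        findings.append(("medium", "UAC disabled (EnableLUA=0)"))
    if val(HIDDEN) == 2:
        findings.append(("low", "Explorer set to hide hidden files (Hidden=2)"))
    if has_subtree(SALITY_SVC):
        findings.append(("high", "service key abp470n5 present (Sality.AA kernel driver)"))
    # SafeBoot subtrees emptied: this is why Safe Mode no longer boots.
    for sub in ("Minimal", "Network"):
        if not has_subtree(SAFEBOOT + "\\" + sub):
            findings.append(("high", f"SafeBoot\\{sub} has no entries (Safe Mode broken)"))
    # Firewall exceptions granted to the infected executables.
    for k, v in reg.items():
        if k.startswith(FW_LIST.lower() + "\\") and str(v).lower().endswith(":*:enabled:ipsec"):
            exe = k.rsplit("\\", 1)[-1]
            findings.append(("medium", f"firewall exception for {exe}"))
    # Per-infection data key HKCU\Software\<computer name><3 digits>.
    pat = re.compile(r"hkcu\\software\\" + re.escape(computer_name.lower()) + r"\d{3}(\\|$)")
    if any(pat.match(k) for k in reg):
        findings.append(("high", f"HKCU\\Software\\{computer_name}NNN data key present"))
    return findings


def check_system_ini(text):
    """Flag the [MCIDRV_VER] / DEVICEMB= marker Sality.AA writes into system.ini."""
    m = re.search(r"^\[MCIDRV_VER\]\s*\n\s*DEVICEMB\s*=\s*(\S+)", text, re.I | re.M)
    return [("high", f"system.ini [MCIDRV_VER] DEVICEMB={m.group(1)}")] if m else []


def check_autorun_inf(text):
    """Report every command an autorun.inf would run; on removable media each one needs review."""
    keys = r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$"
    return [("high", f"autorun.inf launches '{m.group(2)}' via {m.group(1)}")
            for m in re.finditer(keys, text, re.I | re.M)]


def assess(snapshot, computer_name, system_ini, autorun_inf):
    allf = (check_registry(snapshot, computer_name) + check_system_ini(system_ini)
            + check_autorun_inf(autorun_inf))
    return sorted(allf, key=lambda f: ORDER[f[0]])


# Constructed sample data modelled on the description (not taken from a real machine).
INFECTED_SNAPSHOT = {
    SEC_CENTER + r"\AntiVirusOverride": 1,
    SEC_CENTER + r"\FirewallOverride": 1,
    SEC_CENTER + r"\Svc\AntiVirusDisableNotify": 1,
    POLICY_HKCU + r"\DisableTaskMgr": 1,
    POLICY_HKCU + r"\DisableRegistryTools": 1,
    POLICY_HKLM + r"\EnableLUA": 0,
    HIDDEN: 2,
    SALITY_SVC + r"\ImagePath": r"\??\C:\WINDOWS\system32\drivers\qkerb.sys",
    SAFEBOOT + r"\Minimal\Base\(Default)": "Driver Group",   # Network subtree deliberately absent
    FW_LIST + r"\C:\Program Files\Winamp\winamp.exe": r"C:\Program Files\Winamp\winamp.exe:*:Enabled:ipsec",
    r"HKCU\Software\MILOSPC498\-993627007": 1,
}
CLEAN_SNAPSHOT = {
    SAFEBOOT + r"\Minimal\Base\(Default)": "Driver Group",
    SAFEBOOT + r"\Network\Base\(Default)": "Driver Group",
    SEC_CENTER + r"\AntiVirusOverride": 0,
    POLICY_HKLM + r"\EnableLUA": 1,
    HIDDEN: 1,
}
SYSTEM_INI = "[drivers]\nwave=mmdrv.dll\ntimer=timer.drv\n[mci]\n[MCIDRV_VER]\nDEVICEMB=2936241\n"
AUTORUN_INF = ("[autorun]\nopen=qkerb.exe\nshell\\open\\command=qkerb.exe\n"
               "shell\\explore\\command=qkerb.exe\nicon=%SystemRoot%\\system32\\SHELL32.dll,4\n")

if __name__ == "__main__":
    for sev, text in assess(INFECTED_SNAPSHOT, "MILOSPC", SYSTEM_INI, AUTORUN_INF):
        print(f"[{sev:6}] {text}")
```

The registry findings only confirm what the description says the virus changes; they do not prove a machine is clean, since the infected executables themselves are found by an AV scan, not by these keys. They are useful for the opposite question raised in this thread, namely whether a Safe Mode that refuses to boot or a Task Manager that refuses to open is a sign of the infection or just a leftover policy after cleanup.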
[ magna86 @ 24.10.2009. 14:34 ] @
another file infector..? what is this.. :S

in the last week several file infectors have shown up here
[ Milos911 @ 25.10.2009. 01:37 ] @
Finally cleaned everything :D Thanks everyone for the help :)
[ v_oj-kan @ 09.12.2009. 14:06 ] @
how do I clean it......I can't run Dr.Web......can't run Kaspersky......can't run NOD32 4.....as soon as I try to activate it, it closes right away....help please, I'm going crazy
[ v_oj-kan @ 09.12.2009. 14:10 ] @
I have almost the same problem
I get
Microsoft visual c++
runtime library
runtime error
R 6002
floating point support

that comes up and as soon as I click OK or the X it closes right away and doesn't start
[ Dashkes @ 09.12.2009. 14:11 ] @
Download the program HijackThis.
When you've downloaded it, rename the file to anything, e.g. “destruct0.exe”. Run it and click “Do a system scan and save a logfile”. Copy that log here.

P.S. It might be best to download the Dr.Web LiveCD, burn it to a CD and scan the computer.
[ v_oj-kan @ 09.12.2009. 14:17 ] @
how do I delete it, bro....the same thing is happening to me....some crazy virus
[ v_oj-kan @ 09.12.2009. 14:18 ] @
I can't download Dr.Web, as soon as I try it closes the window right away
[ Dashkes @ 09.12.2009. 14:21 ] @
v_oj-kan, what about HijackThis? It's most likely a rootkit; it's best to download the LiveCD at someone else's place and then scan the computer.
[ v_oj-kan @ 09.12.2009. 14:21 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:10 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vojkan\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\AirLiveUI.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8146A04-8855-41C5-8279-0A4E9BE0F126}: NameServer = 10.20.31.253 10.20.0.254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 6183 bytes

this is what I get for the log ................
[ Dashkes @ 09.12.2009. 14:24 ] @
Check the following items and click “Fix checked”
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
After that, restart the computer.

If possible, a RootRepeal log
1. Download it from http://rootrepeal.googlepages.com/RootRepeal.rar
2. Do everything as in the picture, following the steps by number
[ v_oj-kan @ 09.12.2009. 14:31 ] @
oh, and I forgot to say....I wiped my hard drive completely and installed Windows again and it's all happening again, is that possible????????? answer please
[ v_oj-kan @ 09.12.2009. 14:36 ] @
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/09 15:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA2F1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A5A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hqijog.sys
Image Path: C:\WINDOWS\system32\drivers\hqijog.sys
Address: 0xF8A66000 Size: 5024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7A23000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Status: Invisible to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5081a5

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5079cc

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5040b0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507013

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa506e90

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa50754a

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa508225

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5044e1

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa504574

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa3338b0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa333a20

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507c97

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa504307

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5075d6

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507f99

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa50467d

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507ef6

==EOF==




this is what I get for the RootRepeal log
[ Dashkes @ 09.12.2009. 14:45 ] @
In RootRepeal go to Tools > Wipe, Copy and Delete and paste into the empty field
C:\WINDOWS\system32\drivers\hqijog.sys
then tick "Copy File" and "Do Operation". Pack the copied file into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.
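The step Dashkes takes above, picking hqijog.sys out of the Drivers list, as an added Python example (not from the thread and not RootRepeal's code) that parses the report text; the list of drivers expected to be invisible (the kernel's dump_* stubs and RootRepeal's own driver) is an assumption of this example:

```python
"""Parser for RootRepeal text reports (added example; not RootRepeal's own code
and not from the original thread)."""
import re
from collections import defaultdict

# Constructed sample, trimmed from the report posted above.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA2F1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: hqijog.sys
Image Path: C:\WINDOWS\system32\drivers\hqijog.sys
Address: 0xF8A66000 Size: 5024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7A23000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5081a5

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa3338b0

==EOF==
"""

# Assumption of this example: drivers legitimately not visible as files under
# these names are the crash-dump copies of the storage stack (dump_*) and
# RootRepeal's own driver. Anything else that is invisible deserves a look.
EXPECTED_INVISIBLE = re.compile(r"^(dump_.*|rootrepeal\.sys)$", re.IGNORECASE)
DRIVER_RE = re.compile(
    r"Address: (0x[0-9A-Fa-f]+) Size: (\d+) File Visible: (\w+) Signed: (\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')


def split_sections(report: str):
    """Map section title -> lines; a title is a line followed by a dash rule."""
    lines = report.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("-----"):
            current = sections.setdefault(line.strip(), [])
        elif not line.startswith("-----") and current is not None:
            current.append(line)
    return sections


def parse_drivers(lines):
    """One dict per 'Name:' block of the Drivers section."""
    drivers, cur = [], None
    for line in lines:
        if line.startswith("Name: "):
            cur = {"name": line[6:].strip()}
            drivers.append(cur)
        elif cur is not None and line.startswith("Image Path: "):
            cur["path"] = line[12:].strip()
        elif cur is not None and (m := DRIVER_RE.match(line)):
            cur.update(address=int(m[1], 16), size=int(m[2]),
                       visible=(m[3].lower() == "yes"), signed=m[4])
    return drivers


def parse_ssdt(lines):
    """Pair each '#: nnn Function Name:' line with its 'Hooked by' status."""
    hooks, func = [], None
    for line in lines:
        if line.startswith("#:") and "Function Name:" in line:
            func = line.split("Function Name:", 1)[1].strip()
        elif func and (m := HOOK_RE.search(line)):
            hooks.append({"function": func, "module": m[1], "address": int(m[2], 16)})
            func = None
    return hooks


def suspicious_drivers(report: str):
    """Loaded drivers with 'File Visible: No' that are not expected to be."""
    drivers = parse_drivers(split_sections(report).get("Drivers", []))
    return [d["name"] for d in drivers
            if not d.get("visible", True) and not EXPECTED_INVISIBLE.match(d["name"])]


def hooks_by_module(report: str):
    """Group hooked SSDT functions by the hooking driver's file name."""
    grouped = defaultdict(list)
    for h in parse_ssdt(split_sections(report).get("SSDT", [])):
        grouped[h["module"].rsplit("\\", 1)[-1]].append(h["function"])
    return dict(grouped)
```

Run against the full report above it returns hqijog.sys as the only unexpected invisible driver, while every SSDT hook groups under fwdrv.sys or khips.sys.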
[ v_oj-kan @ 09.12.2009. 23:14 ] @
bro, I don't have this in my Windows.......
[ Zoran Rodic @ 10.12.2009. 11:07 ] @
Quote:
v_oj-kan: Oh, and I forgot to say.... I wiped my hard drive completely and reinstalled Windows again and everything happens again, is that possible????????? Please reply


Possible, if you are using some unverified XP installation downloaded from a torrent under some odd name, like Black Edition ... and similar.
Isn't that the case?

Or, if the XP installation is fine, then you are pulling the malware in from some installation disc where your other installers are kept.


Quote:
v_oj-kan: bro, I don't have this in my Windows.......


Use Total Commander and turn on the Show Hidden Files option
[ valjan @ 10.12.2009. 11:52 ] @
There are also places on the disk (the MBR) where malware can hide and survive a format - we have already written about that several times here in the Security section...
[ v_oj-kan @ 10.12.2009. 15:18 ] @
but I gave the disk to be wiped with kill hdd..... it was erased completely...... so what should I do?
[ v_oj-kan @ 10.12.2009. 15:27 ] @
I turned on Total Commander
[ v_oj-kan @ 10.12.2009. 15:28 ] @
and turned on hidden folders..... so what now
[ valjan @ 10.12.2009. 20:09 ] @
Quote:
v_oj-kan: but I gave the disk to be wiped with kill hdd..... it was erased completely...... so what should I do?


I don't know who you gave it to or how they killed it, and I don't know what "erased completely" means, but formatting the disk, for example, does not erase the MBR sector; you need to at least run FIXMBR from the Windows Recovery Console, or do a low-level format with the appropriate tool from the HDD manufacturer...
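To make valjan's point concrete, an added Python example (not from the thread) that records a baseline of the MBR's bootstrap code and partition table and reports what changed afterwards; the disk images are constructed inside the code, not read from a real drive:

```python
"""Baseline check for a disk's Master Boot Record (added example, not from the
original thread). Classic MBR layout: 446 bytes of bootstrap code, four 16-byte
partition entries, then the 0x55AA boot signature. Formatting a partition
rewrites that partition's volume, not this sector, so a bootstrap hash that
differs from the baseline after a reinstall is exactly the survivor described
above."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
PART_ENTRY = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image (constructed test data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY, sector, BOOT_CODE_LEN + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Signature check, SHA-256 of the bootstrap area and the non-empty partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY, sector, BOOT_CODE_LEN + 16 * i)
        if ptype:                                   # type 0 is an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def verify_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR with a recorded baseline; an empty list means no change."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if info["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


# Constructed known-good image: a stub bootstrap and one bootable NTFS (0x07) partition.
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, [(0x80, 0x07, 63, 20_971_520)])
BASELINE = parse_mbr(GOOD_MBR)            # recorded once, on a known-clean install

# Constructed modified image: identical partition table, first bootstrap bytes replaced.
TAMPERED_MBR = build_mbr(b"\xeb\x3c" + GOOD_BOOT_CODE[2:], [(0x80, 0x07, 63, 20_971_520)])


if __name__ == "__main__":
    print("clean image:   ", verify_mbr(GOOD_MBR, BASELINE) or "no change")
    print("modified image:", verify_mbr(TAMPERED_MBR, BASELINE))
```

On a real system the baseline would be taken right after a clean install and the check repeated before trusting a "formatted" disk again.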
[ probam11username @ 28.01.2010. 22:18 ] @
OK people, since I have the identical problem, only I don't have games; instead, when I start CCleaner it throws that infamous

R6002 - floating point support not load.

I followed your instructions, installed HijackThis and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:41, on 28.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Computer\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [WinSATRestorePower] powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 3475 bytes



Please, if anyone can help me, because this is slowly driving me to a nervous breakdown. Nothing helps. There is a whole story to tell here! Like this:
This appeared on my computer 3 - 4 months ago, but I thought it was some "glitch" in the registry, so I didn't pay much attention. But when it started getting on my nerves I formatted the C partition, hoping the matter was solved. After a couple of days it happened again and since then I have been walking around like a headless chicken. A couple of days after all that my computer died, so I was forced to get another one. I installed XP without thinking about it any more, because I had another computer with a different motherboard, a different processor, RAM, everything different.... You can imagine my shock when it all came back again. Horrible. Finally, the other day I installed Windows 7 and you guessed it... People, it is haunting me... Someone has conspired against me.
There's more. Since then I can't even open Google Earth, I can't "trigger" capture on the Logitech webcam, when I run SUPERAntiSpyware it throws the same thing after scanning and then closes... that's what comes to mind at the moment.
Otherwise the computer itself is fast, it works really well, only that problem...
[ probam11username @ 06.02.2010. 11:23 ] @
Please, people, help. This is driving me to a nervous breakdown. It's killing me. I am desperate....
[ magna86 @ 06.02.2010. 11:34 ] @
* Download the ComboFix program
Visit this page for the download link and the instructions for using ComboFix:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

* Temporarily disable your antivirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html

* Run ComboFix!
When the tool finishes scanning it will open Notepad with a report (log).
Copy that report here. (typical log location: C:\ComboFix.txt)
[ probam11username @ 06.02.2010. 16:29 ] @
I did everything as explained, and at the end it produced this:



ComboFix 10-02-05.04 - computer 06.02.2010 17:19:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.703.504 [GMT 1:00]
Running from: c:\documents and settings\computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\computer\LOCALS~1\Temp\kga3.tmp
c:\documents and settings\computer\Local Settings\Temp\kga3.tmp
c:\windows\kb913800.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\systeminfo.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 11:49 . 2010-02-06 11:49 -------- d-----w- c:\program files\CCleaner
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\computer\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\program files\ACD Systems
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Downloaded Installations
2010-02-05 23:04 . 2010-02-05 23:08 -------- d-----w- c:\program files\ApexDC++
2010-02-05 22:57 . 2010-02-05 22:57 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Readon_Technology
2010-02-05 22:53 . 2010-02-05 22:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\Xvid
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\ffdshow
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\computer\Application Data\Winamp
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\Winamp
2010-02-05 16:05 . 2010-02-05 22:51 -------- d-----w- c:\program files\K-Lite Codec Pack(2)
2010-02-05 16:01 . 2010-02-05 22:52 -------- d-----w- c:\program files\Winamp(2)
2010-02-05 16:01 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\computer\Application Data\Winamp(2)
2010-02-05 02:29 . 2010-02-06 15:42 -------- d-----w- c:\documents and settings\computer\Application Data\vlc
2010-02-05 02:00 . 2010-02-05 22:52 -------- d-----w- c:\program files\DivX
2010-02-05 01:21 . 2010-02-05 01:21 -------- d-----w- c:\program files\Readon Technology
2010-02-05 00:18 . 2010-02-05 00:52 -------- d-----w- c:\documents and settings\computer\Application Data\foobar2000
2010-02-04 23:42 . 2010-02-04 23:42 -------- d-----w- c:\documents and settings\computer\Application Data\JLC's Software
2010-02-04 23:42 . 2010-02-04 23:58 -------- d-----w- c:\program files\JLC's Software
2010-02-04 23:15 . 2010-02-04 23:15 -------- d-----w- c:\program files\Common Files\NSV
2010-02-04 21:57 . 2010-02-04 21:57 -------- d-----w- c:\windows\Sun
2010-02-04 21:57 . 2010-02-04 21:57 503808 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\msvcp71.dll
2010-02-04 21:57 . 2010-02-04 21:57 499712 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\jmc.dll
2010-02-04 21:57 . 2010-02-04 21:57 348160 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\msvcr71.dll
2010-02-04 21:56 . 2010-02-04 21:56 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 21:56 . 2010-02-04 21:56 61440 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42b3eea0-n\decora-sse.dll
2010-02-04 21:56 . 2010-02-04 21:56 12800 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42b3eea0-n\decora-d3d.dll
2010-02-04 21:56 . 2010-02-04 21:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 21:56 . 2010-02-04 21:56 -------- d-----w- c:\program files\Java
2010-02-04 21:38 . 2010-02-04 21:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-04 20:46 . 2004-08-03 22:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-04 20:39 . 2010-02-04 20:39 -------- d-----w- c:\documents and settings\computer\Application Data\FDRLab
2010-02-04 20:20 . 2010-02-04 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BlazeVideo
2010-02-04 20:19 . 2005-03-25 22:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-04 20:19 . 2005-03-25 22:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-03 16:13 . 2010-02-03 16:13 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Identities
2010-02-03 11:24 . 2010-02-03 11:24 -------- d-----w- c:\program files\IrfanView
2010-02-02 23:07 . 2010-02-02 23:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-02 23:02 . 2010-02-02 23:05 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Temp
2010-02-02 23:02 . 2010-02-02 23:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-02 16:15 . 2010-02-02 16:15 -------- d-----w- c:\program files\QuickTorrentMaker
2010-02-02 10:04 . 2010-02-02 10:04 -------- d-----w- c:\program files\Microsoft
2010-02-02 09:56 . 2010-02-02 10:04 12912 ----a-w- c:\documents and settings\computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 12:32 . 2010-02-01 12:32 -------- d--h--w- c:\windows\PIF
2010-02-01 12:28 . 2010-02-01 12:28 5293538 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 12:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 12:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 12:04 . 2010-02-04 19:52 52224 ----a-w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-01 12:03 . 2010-02-04 20:35 117760 ----a-w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-01 12:02 . 2010-02-01 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 12:01 . 2010-02-02 09:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 12:01 . 2010-02-01 12:01 -------- d-----w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com
2010-02-01 12:01 . 2010-02-01 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-01 11:24 . 2010-02-04 20:07 -------- d-----w- c:\program files\Google
2010-02-01 01:38 . 2010-02-01 01:38 -------- d-----w- c:\program files\uTorrent
2010-02-01 01:37 . 2010-02-01 20:45 -------- d-----w- c:\documents and settings\computer\Application Data\uTorrent
2010-02-01 00:42 . 2010-02-01 00:42 -------- d-----w- c:\documents and settings\computer\Application Data\Malwarebytes
2010-02-01 00:42 . 2010-02-01 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 00:42 . 2010-02-01 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-31 23:49 . 2010-01-31 23:49 -------- d-----w- c:\program files\Foxit Software
2010-01-31 23:49 . 2010-01-31 23:49 -------- d-----w- c:\documents and settings\computer\Application Data\Foxit
2010-01-31 20:55 . 2010-01-31 20:55 -------- d-----w- c:\program files\Screamer Radio
2010-01-31 20:40 . 2010-01-31 20:40 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\LogiShrd
2010-01-31 20:39 . 2010-01-31 20:39 -------- d-----w- c:\documents and settings\computer\Application Data\Leadertech
2010-01-31 20:38 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-01-31 20:38 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-01-31 20:38 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2010-01-31 20:38 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-01-31 20:38 . 2009-04-30 22:56 495768 ----a-w- c:\windows\system32\drivers\LV561AV.SYS
2010-01-31 20:38 . 2010-01-31 20:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-31 20:38 . 2010-01-31 20:39 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-31 20:38 . 2010-01-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-31 19:58 . 2010-01-31 19:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-31 18:22 . 2010-01-31 23:36 -------- d-----w- c:\program files\Logitech
2010-01-31 09:36 . 2010-01-31 09:36 -------- d-----w- c:\documents and settings\computer\Application Data\MSNInstaller
2010-01-30 23:52 . 2010-02-06 11:13 -------- d-----w- c:\documents and settings\computer\Tracing
2010-01-30 23:47 . 2010-02-02 10:03 -------- d-----w- c:\program files\Windows Live
2010-01-30 23:40 . 2010-01-30 23:40 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-30 22:05 . 2010-01-30 22:05 -------- d-----w- c:\documents and settings\computer\Application Data\Thinstall
2010-01-30 21:57 . 2010-01-30 21:57 -------- d-----w- c:\documents and settings\computer\Application Data\Nero
2010-01-30 21:54 . 2010-01-31 21:05 -------- d-----w- c:\program files\Nero
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\program files\Common Files\Nero
2010-01-30 19:46 . 2010-02-02 23:05 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Google
2010-01-30 19:06 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-30 19:06 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-30 19:05 . 2010-01-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 16:04 . 2010-01-30 18:06 -------- d-----w- c:\documents and settings\computer\Application Data\Skype
2010-02-01 11:58 . 2010-01-30 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-31 20:38 . 2010-01-30 18:16 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-31 20:26 . 2010-01-30 17:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 19:17 . 2010-01-30 17:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-30 18:44 . 2010-01-30 18:23 -------- d-----w- c:\program files\MV2Player
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\program files\CyberLink
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\program files\ASUSTek
2010-01-30 18:22 . 2010-01-30 18:05 -------- d-----r- c:\program files\Skype
2010-01-30 18:05 . 2010-01-30 18:05 -------- d-----w- c:\program files\Common Files\Skype
2010-01-30 18:05 . 2010-01-30 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-30 17:49 . 2010-01-30 17:49 0 ----a-w- c:\windows\nsreg.dat
2010-01-30 17:38 . 2010-01-30 17:38 -------- d-----w- c:\program files\Realtek AC97
2010-01-30 17:35 . 2010-01-30 17:35 -------- d-----w- c:\program files\S3
2010-01-30 17:26 . 2010-01-30 17:26 -------- d-----w- c:\program files\microsoft frontpage
2010-01-30 17:21 . 2010-01-30 17:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-30 17:21 . 2010-01-30 17:21 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-22 21:49 . 2003-08-08 10:53 323584 ----a-w- c:\windows\system32\VTovrlay.dll
2010-01-22 21:49 . 2003-05-07 15:32 214488 ----a-w- c:\windows\system32\VTTimer.exe
2010-01-22 21:49 . 2003-01-07 05:26 251360 ----a-w- c:\windows\system32\VTuninst.exe
2010-01-22 21:49 . 2003-08-11 13:09 265344 ----a-w- c:\windows\system32\drivers\vtmini.sys
2010-01-22 21:49 . 2003-07-31 01:45 225280 ----a-w- c:\windows\system32\VTInfo2.dll
2010-01-22 21:49 . 2003-08-11 13:10 1720320 ----a-w- c:\windows\system32\vticd.dll
2010-01-22 21:49 . 2003-06-18 14:42 290816 ----a-w- c:\windows\system32\VTGamma2.dll
2010-01-22 21:49 . 2003-08-11 13:08 1851904 ----a-w- c:\windows\system32\vtdisp.dll
2010-01-22 21:49 . 2003-08-08 01:41 438272 ----a-w- c:\windows\system32\VTDisply.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^Logitech . Registracija proizvoda.lnk]
path=c:\documents and settings\computer\Start Menu\Programs\Startup\Logitech . Registracija proizvoda.lnk
backup=c:\windows\pss\Logitech . Registracija proizvoda.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3917272 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2971104 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 607192 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 4061666 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 210396 ----a-w- c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 755160 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 424410 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-07-28 09:53 2008538 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2010-01-22 21:49 214488 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 215512 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.2.2010 13:24 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.2.2010 13:24 19160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\computer\Application Data\Mozilla\Firefox\Profiles\dlj6e97x.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_18.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
MSConfigStartUp-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 17:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\COMRes.dll
.
Completion time: 2010-02-06 17:23:31
ComboFix-quarantined-files.txt 2010-02-06 16:23

Pre-Run: 22.660.866.048 bytes free
Post-Run: 22.642.909.184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"

- - End Of File - - 925BCCE4422CE3821A2C7AC1F4921731
[ magna86 @ 06.02.2010. 16:47 ] @
This now looks clean. Tell me, is there any improvement now?

PS: Install an antivirus.
free: Avira, AVG, Avast 5
commercial: Kaspersky, BitDefender, NOD32 ... etc.

[This message was edited by magna86 on 06.02.2010. at 18:15 GMT+1]
[ probam11username @ 06.02.2010. 18:41 ] @
Well, I don't know now how clean it really is. Maybe it isn't a virus at all.
The warning still appears. Here are examples from two programs:

ApexDC++



CCleaner



And as for an antivirus, I really don't know. I don't trust any of them; whichever one I had, the viruses still got in..
Which one do you recommend?
[ kristi1 @ 06.02.2010. 19:50 ] @
Go and follow this path and submit this file for analysis at http://www.virustotal.com/

C:\Qoobox\Quarantine\c:\windows\system32\dumphive.exe.vir

Then post the link to the report from the site

[ probam11username @ 06.02.2010. 21:23 ] @
OK. Here it is:

http://www.virustotal.com/anal...4d26c1703e041d080e3-1265490832
[ drvlada75 @ 06.02.2010. 21:36 ] @
It looks like your .exe files are infected with the Parite.B virus. You need an antivirus solution!
[ probam11username @ 06.02.2010. 23:16 ] @
Fine. I have already scanned the system countless times with various tools. Anti-Malware, Spybot, SUPERAntiSpyware, and everything that was found was either deleted or quarantined. Even those .exe files you mentioned. I'll download AVG. But I am a pessimist. Because this is already the 5th time this problem has come back. Even when I format the disk, an hour or two after booting the same thing happens, which is very unlikely. Especially that it repeats so often, the same thing, over and over in a circle.

To quote myself:
This appeared on my computer 3 - 4 months ago, but I thought it was some "glitch" in the registry, so I didn't pay much attention. But when it started getting on my nerves I formatted the C partition, hoping the matter was solved. After a couple of days it happened again and since then I have been walking around like a headless chicken. A couple of days after all that my computer died, so I was forced to get another one. I installed XP without thinking about it any more, because I had another computer with a different motherboard, a different processor, RAM, everything different.... You can imagine my shock when it all came back again. Horrible. Finally, the other day I installed Windows 7 and, you guessed it, the same problem.... People, it is haunting me... Someone has conspired against me.
There's more. Since then I can't even open Google Earth, I can't "trigger" capture on the Logitech webcam, when I run SUPERAntiSpyware it throws the same thing after scanning and then closes... that's what comes to mind at the moment.
Otherwise the computer itself is fast, it works really well, only that problem...

The point is that this problem occurred on two different computers, with completely different configurations and on two different operating systems. Whatever I do, IT COMES BACK!
[ magna86 @ 07.02.2010. 06:24 ] @
There are no more traces of malware on your PC. The PC is clean.
Kristi was checking something else, and ComboFix has already eliminated that.


Moving on:
Run an additional scan, although I don't believe we'll find anything.
.................................
Download Gmer from this link to the Desktop
http://www2.gmer.net/download.php

run Gmer, wait for the initial scan to finish (if some message appears, choose No)
go to Scan and wait for the scan to finish... click Save... save it as GmerLog1

Right-click on the Gmer program window, choose Options >> Only non MS files and click Scan
..a new log will be created... save that log as GmerLog2

Click the >>> tab and choose the Autostart tab.
when the scan finishes choose Copy, open a new Notepad, choose Paste and save that log as GmerLog3.



*Attach GmerLog1, GmerLog2 and GmerLog3 to your post.
*Run ComboFix again and paste the log you get onto the forum.
...................................
You could also repair files with the SFC /scannow command

*Start > Run and type the following:
Code:
sfc /scannow

click OK.
* You may need the Windows XP CD, so have it ready.
* Let the scan finish, and when it is done restart the computer.

................................

Anyway... an AntiVirus is essential. Otherwise all of this is in vain.
Which one? Any... I already wrote which ones I recommend.
Again... you have to know that no AntiVirus can give you 100% protection.

And a question. Is your computer by any chance networked? What kind of network is it?
I want to bring this to a close, so you can seek advice elsewhere (I mean on the Windows desktop forum)
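GMER saves GmerLog1..3 as plain text in a fixed line shape, so once they exist they can be triaged mechanically before anyone reads several hundred lines by eye. The script below is an added example for this thread, not GMER code and not anything a poster wrote. The sample log inside it is constructed, with line shapes copied from GMER 1.0.15 output; the flag rules (image with no version description, driver or process loaded from a Temp or user-profile path, service with no image path listed, autostart entry whose file is missing) are the editor's choice of what to look at first, not a rule from GMER or any AV vendor.

```python
"""Triage pass over GMER text logs (Modules, Processes, Services, Autostart).

Added example for this thread; it is not GMER code and not from any poster.
GMER writes each entry as  Kind <image path> (<description/vendor>) <extra>,
and omits the parenthesised part when the binary has no version resource.
A flag here means "look at this first", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample; the line shapes mirror the GMER 1.0.15 logs in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net

---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F837E000-F8380000 (8192 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) F7284000-F7673000 (4124672 bytes)
Module \SystemRoot\system32\DRIVERS\LVPr2Mon.sys F8162000-F8167000 (20480 bytes)
Module \??\C:\DOCUME~1\computer\LOCALS~1\Temp\kftdrpow.sys (GMER) B4928000-B493F000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 348
Library C:\WINDOWS\system32\msdmo.dll 0x736B0000
Process C:\Documents and Settings\computer\Desktop\lft1w0kp.exe 3932

---- Services - GMER 1.0.15 ----

Service AVG
Service C:\DOCUME~1\computer\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\drivers\Lvckap.sys [MANUAL] Lvckap
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService

---- Autostart ----

@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # Module, Library, Process, Service or Autostart
    target: str   # image path, or the service name when no path is listed
    reason: str


# Kind, then a path ending in a binary extension, then whatever follows.
ENTRY_RE = re.compile(
    r"^(?P<kind>Module|Library|Process|Service)\s+"
    r"(?P<path>.+?\.(?:sys|exe|dll))(?=\s|$)(?P<rest>.*)$", re.IGNORECASE)
BARE_SERVICE_RE = re.compile(r"^Service\s+(?P<name>\S+)\s*$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1|users)\\", re.IGNORECASE)


def split_description(rest: str) -> Tuple[Optional[str], str]:
    """Return (description, remainder). Descriptions can nest parentheses,
    e.g. (Realtek AC'97 Audio Driver (WDM)/Realtek ...), so track depth."""
    rest = rest.lstrip()
    if not rest.startswith("("):
        return None, rest
    depth = 0
    for i, ch in enumerate(rest):
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            return rest[1:i], rest[i + 1:].lstrip()
    return None, rest  # unbalanced: treat as undescribed


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if "/*file not found*/" in line:
            findings.append(Finding("Autostart", line.split(" = ")[0],
                                    "registered component whose file is missing"))
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            bare = BARE_SERVICE_RE.match(line)
            if bare:
                findings.append(Finding("Service", bare.group("name"),
                                        "service with no image path listed"))
            continue
        kind, path = m.group("kind").capitalize(), m.group("path")
        description, _ = split_description(m.group("rest"))
        if description is None:
            findings.append(Finding(kind, path, "no version description (no vendor/product info)"))
        if TEMP_RE.search(path):
            findings.append(Finding(kind, path, "loaded from a Temp directory"))
        elif PROFILE_RE.search(path):
            findings.append(Finding(kind, path, "running from a user profile directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.reason:48} {f.target}")
```

Expect your own tools on the list: GMER loads a randomly named driver from Temp, and a catchme.sys there is the catchme driver that ComboFix/GMER drop while they run. Microsoft binaries without a version resource (msdmo.dll in the sample) also appear. The output is a short review list, not a verdict; for anything you do not recognise, take the file's SHA-256 and check it on VirusTotal as kristi1 asked for above.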
[ kristi1 @ 07.02.2010. 08:56 ] @
Quote:
The point is that this problem has appeared on two different computers, with completely different configurations, and on two different operating systems. Whatever I do, IT COMES BACK!


Most likely you are carrying it over on a USB flash drive. The only solution is to format the C partition, download an antivirus straight to the desktop, and do a complete scan of the system. As you could see, this is the Parite virus, which has infected all the exe files on the machine. We have discussed such viruses here a lot; you can find the Sality thread (search) where you can read how it is cleaned.
So in your case everything is ruined and there is no repairing it; every attempt at cleaning from inside the running Windows is a waste of time, precisely because the system is completely ruined.
By the way, this file infector has not been active for quite a while, at least I have not come across it; where you caught it I don't know. Or maybe it is back in action, so pay attention to what you download or install.

Magna made a mistake in the steps
Either he was asleep in class or his girlfriend was distracting him; more likely the latter

Addendum.

Quote:
Even when I format the disk, an hour or two after booting the same thing happens


Because it has infected all the partitions, and when you click on D or E, if you have them, you automatically infect the system. So after formatting, download Avast (recommended) to the desktop and scan the complete system (boot scan), and only then continue installing programs. Also, all the installers you have, the exe files, are ruined, just so you know.
Now you see why it is essential to have an AV on the computer; all the trojans, worms and spyware together are not as dangerous as a single virus.

[This message was edited by kristi1 on 07.02.2010. at 11:32 GMT+1]
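kristi1's point is that a file infector leaves its copies in every executable on every partition, so reformatting C: and then opening D: or E: reinfects a clean install. One way to see that happening, and to verify that a boot scan really left the other partitions alone, is to hash every executable once from a state you trust and compare later. The script below is an added example written for this thread, not from any poster, AV vendor or tool: the extension list, the JSON store and the command-line shape are the editor's assumptions, and the demo builds a constructed directory tree with placeholder files (plain bytes, not real PE images) in which one executable is appended to and one new one appears. It also builds the VirusTotal report URL from a SHA-256, which is the same hash-based lookup behind kristi1's earlier request to send the quarantined file there.

```python
"""Hash baseline for executables across every partition.

Added example for this thread, not code from any poster or AV vendor.
A file infector rewrites executables that already exist, so the question
after a boot scan is "did any .exe on C:, D: or E: change again?". Take the
baseline right after the scan reports the machine clean, keep the JSON
somewhere this machine cannot rewrite (another PC, read-only media), and
re-run the comparison an hour or two later, the window in which the poster
saw the problem return. The same SHA-256 keys VirusTotal's reports, so a
changed file can be checked there by hash before uploading anything.
"""
import hashlib
import json
import os
import sys
import tempfile
from typing import Dict, Iterable, List

# Parite-style infectors target .exe/.scr; .dll/.sys are cheap to watch too (assumption).
WATCHED_EXTS = {".exe", ".scr", ".dll", ".sys"}


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(roots: Iterable[str]) -> Dict[str, str]:
    """Map normalised path -> SHA-256 for every watched file under the roots."""
    baseline: Dict[str, str] = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if os.path.splitext(name)[1].lower() not in WATCHED_EXTS:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    baseline[os.path.normcase(path)] = sha256_file(path)
                except OSError:
                    pass  # locked or unreadable now; shows up as 'removed' later
    return baseline


def compare(baseline: Dict[str, str], roots: Iterable[str]) -> Dict[str, List[str]]:
    current = build_baseline(roots)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def virustotal_url(sha256_hex: str) -> str:
    """Report page for a file VirusTotal already knows; nothing is uploaded."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: two fake 'partitions' with placeholder executables
    (plain bytes, not PE files). One gets a body appended, one new file appears."""
    work = tempfile.mkdtemp(prefix="exe-baseline-")
    roots = [os.path.join(work, "C"), os.path.join(work, "D")]
    seed = {
        ("C", "WINDOWS", "notepad.exe"): b"MZ clean notepad",
        ("D", "setup", "installer.exe"): b"MZ clean installer",
        ("D", "docs", "readme.txt"): b"not an executable, ignored",
    }
    for parts, data in seed.items():
        p = os.path.join(work, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    baseline = build_baseline(roots)
    with open(os.path.join(work, "D", "setup", "installer.exe"), "ab") as f:
        f.write(b" + appended body")        # what an appending infector does to a host
    with open(os.path.join(work, "D", "dropped.scr"), "wb") as f:
        f.write(b"MZ new screensaver")      # a dropped file the baseline never saw
    return compare(baseline, roots)


if __name__ == "__main__":
    # usage: exe_baseline.py baseline STORE.json ROOT...  |  compare STORE.json ROOT...
    if len(sys.argv) < 4:
        print(json.dumps(demo(), indent=2))
        sys.exit(0)
    mode, store, roots = sys.argv[1], sys.argv[2], sys.argv[3:]
    if mode == "baseline":
        with open(store, "w") as f:
            json.dump(build_baseline(roots), f, indent=1)
    else:
        with open(store) as f:
            result = compare(json.load(f), roots)
        for path in result["changed"]:
            print("CHANGED", path, virustotal_url(sha256_file(path)))
        for path in result["added"]:
            print("ADDED  ", path, virustotal_url(sha256_file(path)))
        for path in result["removed"]:
            print("REMOVED", path)
```

Run it with no arguments for the demo, or `baseline store.json C:\ D:\ E:\` right after the boot scan and `compare store.json C:\ D:\ E:\` later. A comparison only tells you what changed; it does not protect anything, and it is only as good as the state the baseline was taken from, so take it before opening the other partitions, as kristi1 describes, and keep the JSON off the machine.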
[ Milos911 @ 07.02.2010. 10:48 ] @
A long time ago I had Parite.B on my computer and Kaspersky successfully disinfected most of the infected files. Over 2000 files were infected.
[ probam11username @ 07.02.2010. 12:06 ] @
Here you go. Gmer logs:

GmerLog1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-07 12:55:18
Windows 5.1.2600 Service Pack 2
Running: lft1w0kp.exe; Driver: C:\DOCUME~1\computer\LOCALS~1\Temp\kftdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



GmerLog2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 12:56:17
Windows 5.1.2600 Service Pack 2
Running: lft1w0kp.exe; Driver: C:\DOCUME~1\computer\LOCALS~1\Temp\kftdrpow.sys


---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F837E000-F8380000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7EEA000-F7EF4000 (40960 bytes)
Module avgrkx86.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) F7C7B000-F7CA1000 (155648 bytes)
Module AVGIDSxx.sys (IDS Application Activity Monitor Helper Driver./AVG Technologies ) F7F0A000-F7F13000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics, Inc.) F76CD000-F770E000 (266240 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) F7284000-F7673000 (4124672 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F818A000-F8191000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\avgfwdx.sys (AVG Firewall intermediate miniport driver/AVG Technologies CZ, s.r.o.) F81A2000-F81A9000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F81BA000-F81BF000 (20480 bytes)
Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) F5ADD000-F5B34000 (356352 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F5A6E000-F5A93000 (151552 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F8202000-F8208000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\LV561AV.SYS (Logitech Video Driver/Logitech Inc.) F5872000-F58EA000 (491520 bytes)
Module \SystemRoot\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) F822A000-F8230000 (24576 bytes)
Module \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) F5822000-F5872000 (327680 bytes)
Module \SystemRoot\System32\vtdisp.dll (VIA/S3G Graphics Driver/VIA/S3 Graphics, Inc.) BF9D4000-BFB99000 (1855488 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F57E2000-F57E6000 (16384 bytes)
Module \??\C:\Program_Files\AVG\AVG9\Identity_Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) F815A000-F815F000 (20480 bytes)
Module \??\C:\Program_Files\AVG\AVG9\Identity_Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies ) B69A8000-B69B2000 (40960 bytes)
Module \??\C:\Program_Files\AVG\AVG9\Identity_Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (IDS Application Activity Monitor Driver./AVG Technologies ) B67D0000-B67F8000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) B6217000-B623F000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\LVPr2Mon.sys F8162000-F8167000 (20480 bytes)
Module \??\C:\DOCUME~1\computer\LOCALS~1\Temp\kftdrpow.sys (GMER) B4928000-B493F000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 260
Library C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 0x00400000

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 320
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 348
Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00D30000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x10000000
Library C:\WINDOWS\system32\msdmo.dll 0x736B0000

Process C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG IDS application/AVG Technologies CZ, s.r.o.) 536
Library C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG IDS application/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll 0x10000000
Library C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll 0x00380000

Process C:\Program Files\AVG\AVG9\avgam.exe (AVG Alert Manager/AVG Technologies CZ, s.r.o.) 820
Library C:\Program Files\AVG\AVG9\avgam.exe (AVG Alert Manager/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
Library C:\Program Files\AVG\AVG9\avgidpsdkx.dll (AVG Identity Protection Library/AVG Technologies CZ, s.r.o.) 0x10000000
Library C:\Program Files\AVG\AVG9\avgameh.dll (AVG Alert Manager Library/AVG Technologies CZ, s.r.o.) 0x6A520000
Library C:\Program Files\AVG\AVG9\avgamnot.dll (AVG Event Notification Library/AVG Technologies CZ, s.r.o.) 0x6A5B0000

Process C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 984
Library C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
Library C:\Program Files\AVG\AVG9\avguires.dll (AVG User Interface Resource Library/AVG Technologies CZ, s.r.o.) 0x6D0B0000
Library C:\Program Files\AVG\AVG9\avgidpsdkx.dll (AVG Identity Protection Library/AVG Technologies CZ, s.r.o.) 0x10000000

Process C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe (AVG IDS application/AVG Technologies CZ, s.r.o.) 1068
Library C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe (AVG IDS application/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll 0x10000000
Library C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll 0x00380000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 1136
Library C:\WINDOWS\system32\avgrsstx.dll (AVG Resident Shield Starter/AVG Technologies CZ, s.r.o.) 0x6C1B0000

Process C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 1360
Library C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgwd.dll (AVG Watchdog Module/AVG Technologies CZ, s.r.o.) 0x6D740000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\avgidpsdkx.dll (AVG Identity Protection Library/AVG Technologies CZ, s.r.o.) 0x10000000
Library C:\Program Files\AVG\AVG9\avgaspmx.dll (AVG Antispam Module/AVG Technologies CZ, s.r.o.) 0x6A7F0000
Library C:\Program Files\AVG\AVG9\avgsched.dll (AVG Scheduler Module/AVG Technologies CZ, s.r.o.) 0x6C250000
Library C:\Program Files\AVG\AVG9\avgwdwsc.dll (AVG Windows Security Center Module/AVG Technologies CZ, s.r.o.) 0x6D930000
Library C:\Program Files\AVG\AVG9\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Process C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Firewall Service/AVG Technologies CZ, s.r.o.) 1496
Library C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Firewall Service/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avgcertx.dll (AVG Cert SDK/AVG Technologies CZ, s.r.o.) 0x6E780000
Library C:\Program Files\AVG\AVG9\avgclitx.dll (AVG Scanning Core Module - Lite Version/AVG Technologies CZ, s.r.o.) 0x6AA70000
Library C:\Program Files\AVG\AVG9\avgchclx.dll (AVG Cache Manager Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6E700000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\avgidpsdkx.dll (AVG Identity Protection Library/AVG Technologies CZ, s.r.o.) 0x10000000
Library C:\Program Files\AVG\AVG9\avgmtrapx.dll (AVG M-TRAP Reporting Library/AVG Technologies CZ, s.r.o.) 0x02230000

Process C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Cache Server/AVG Technologies CZ, s.r.o.) 1736
Library C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Cache Server/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgchjwx.dll (AVG Scanning Cache Module/AVG Technologies CZ, s.r.o.) 0x6E870000
Library C:\Program Files\AVG\AVG9\avgcertx.dll (AVG Cert SDK/AVG Technologies CZ, s.r.o.) 0x6E780000
Library C:\Program Files\AVG\AVG9\avgclitx.dll (AVG Scanning Core Module - Lite Version/AVG Technologies CZ, s.r.o.) 0x6AA70000

Process C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 1744
Library C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1760
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

Process C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 1956
Library C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
Library C:\Program Files\AVG\AVG9\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Library C:\Program Files\AVG\AVG9\avgcertx.dll (AVG Cert SDK/AVG Technologies CZ, s.r.o.) 0x6E780000
Library C:\Program Files\AVG\AVG9\avgchclx.dll (AVG Cache Manager Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6E700000

Process C:\Program Files\AVG\AVG9\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 2012
Library C:\Program Files\AVG\AVG9\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\libsasl.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD70000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
Library C:\Program Files\AVG\AVG9\avgscanx.dll (AVG Scanning Module/AVG Technologies CZ, s.r.o.) 0x6C1C0000
Library C:\Program Files\AVG\AVG9\avgsrmx.dll (AVG Scan Result Manager Module/AVG Technologies CZ, s.r.o.) 0x6C550000
Library C:\Program Files\AVG\AVG9\avgvvx.dll (AVG Virus Vault Module/AVG Technologies CZ, s.r.o.) 0x6D670000
Library C:\Program Files\AVG\AVG9\avgmvflx.dll (AVG Move File Library/AVG Technologies CZ, s.r.o.) 0x6BD30000
Library C:\Program Files\AVG\AVG9\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000
Library C:\Program Files\AVG\AVG9\saslcrammd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDB0000
Library C:\Program Files\AVG\AVG9\sasldigestmd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDC0000
Library C:\Program Files\AVG\AVG9\sasllogin.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDA0000
Library C:\Program Files\AVG\AVG9\saslplain.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD90000
Library C:\Program Files\AVG\AVG9\avgaspmx.dll (AVG Antispam Module/AVG Technologies CZ, s.r.o.) 0x02120000
Library C:\Program Files\AVG\AVG9\winspamcatcher.dll (Mailshell Anti-Spam SDK/Mailshell) 0x10000000

Process C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 2064
Library C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\Program Files\AVG\AVG9\imsdk32.dll (IMFilter SDK/Winco Sistemas) 0x6DCF0000
Library C:\Program Files\AVG\AVG9\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000
Library C:\Program Files\AVG\AVG9\avglvex.dll (AVG Prevalence Reporting Library/AVG Technologies CZ, s.r.o.) 0x10000000
Library C:\Program Files\AVG\AVG9\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000

Process C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 2412
Library C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
Library C:\Program Files\AVG\AVG9\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Library C:\Program Files\AVG\AVG9\avgcertx.dll (AVG Cert SDK/AVG Technologies CZ, s.r.o.) 0x6E780000
Library C:\Program Files\AVG\AVG9\avgchclx.dll (AVG Cache Manager Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6E700000

Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 2668
Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x002D0000
Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x004E0000
Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x00350000
Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00380000
Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x005D0000
Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x003A0000
Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003C0000
Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x003D0000
Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x003E0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00670000
Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x012F0000
Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x01860000
Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x01890000
Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x018B0000
Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x01C00000
Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01E50000
Library C:\Program Files\AVG\AVG9\Firefox\components\avgssff.dll (Safe Search for Firefox/AVG Technologies CZ, s.r.o.) 0x6C660000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000
Library C:\Program Files\AVG\AVG9\avglvex.dll (AVG Prevalence Reporting Library/AVG Technologies CZ, s.r.o.) 0x03380000
Library C:\Program Files\AVG\AVG9\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x06000000

Process C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 3108
Library C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Program Files\AVG\AVG9\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\Program Files\AVG\AVG9\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
Library C:\Program Files\AVG\AVG9\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Library C:\Program Files\AVG\AVG9\avgcertx.dll (AVG Cert SDK/AVG Technologies CZ, s.r.o.) 0x6E780000
Library C:\Program Files\AVG\AVG9\avgchclx.dll (AVG Cache Manager Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6E700000

Process C:\Documents and Settings\computer\Desktop\lft1w0kp.exe 3932
Library C:\Documents and Settings\computer\Desktop\lft1w0kp.exe 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service AVG
Service C:\Program Files\AVG\AVG9\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) [AUTO] avg9emc
Service C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avg9wd
Service C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Firewall intermediate miniport driver/AVG Technologies CZ, s.r.o.) [MANUAL] Avgfwdx
Service C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Firewall intermediate miniport driver/AVG Technologies CZ, s.r.o.) [MANUAL] Avgfwfd
Service C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Firewall Service/AVG Technologies CZ, s.r.o.) [AUTO] avgfws9
Service C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG IDS application/AVG Technologies CZ, s.r.o.) [AUTO] AVGIDSAgent
Service C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (IDS Application Activity Monitor Driver./AVG Technologies ) [MANUAL] AVGIDSDriverxpx
Service C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (IDS Application Activity Monitor Helper Driver./AVG Technologies ) [BOOT] AVGIDSErHrxpx
Service C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies ) [MANUAL] AVGIDSFilterxpx
Service C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) [MANUAL] AVGIDSShimxpx
Service C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgLdx86
Service C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgMfx86
Service C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) [BOOT] AvgRkx86
Service C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgTdiX
Service C:\DOCUME~1\computer\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\drivers\Lvckap.sys [MANUAL] Lvckap
Service C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [MANUAL] LVPr2Mon
Service C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) [AUTO] LVPrcSrv
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Video Driver/Logitech Inc.) [MANUAL] PID_0928
Service PQNTDrv
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) [MANUAL] SASENUM
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics, Inc.) [MANUAL] viagfx
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde

---- EOF - GMER 1.0.15 ----


GmerLog3

GMER 1.0.15.15281 - http://www.gmer.net
Autostart scan 2010-02-07 12:57:06
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter@DLLName = avgrsstx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
avg9emc@ = "C:\Program Files\AVG\AVG9\avgemc.exe"
avg9wd@ = "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
avgfws9@ = "C:\Program Files\AVG\AVG9\avgfws9.exe"
AVGIDSAgent@ = "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LVPrcSrv@ = "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
MBAMService@ = "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@AVG9_TRAY = C:\PROGRA~1\AVG\AVG9\avgtray.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\msonsext.dll = C:\Program Files\Common Files\Microsoft Shared\Web Folders\msonsext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files\AVG\AVG9\avgse.dll = C:\Program Files\AVG\AVG9\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG9\avgssie.dll = C:\Program Files\AVG\AVG9\avgssie.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi...mp;pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi...mp;pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi...d=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi...d=ie&pver=6&ar=msnhome
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG9\avgpp.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.15 ----


kristi1, so you are suggesting that I format the C partition again and, once the system is up, not touch or install anything,
but instead comb through all the partitions thoroughly with an antivirus. I had assumed myself that this is the only way it gets carried over, since I never touch the D partition, and viruses don't go exclusively for C, right?
Ugh, and you really encouraged me with that "everything of yours is destroyed"... Maybe it wouldn't be a bad idea to format all the HDDs in the computer?
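As an added example for this thread (not GMER's own code and not something either poster ran), here is a small Python triage script for the registry section of a GMER log like the one pasted above. It parses the shell-extension, context-menu, BHO and protocol-handler lines into (key, name, CLSID, module path) records, handling both of GMER's layouts (a `key >>>` header followed by bare value lines, and the flat `key@value = module` form), and flags what a first pass should look at: a handler registered with no resolved module path (the `(null)` AVG Find Extension line above), a module loading from outside Windows/Program Files, and an 8.3 short path that has to be expanded before judging it. The sample input is constructed in the log's format; the `Shell Extensions\Approved` header and the Temp-folder BHO entry are made up to exercise the checks and are not from the posted log, and the trusted-roots list is an assumption (Windows is on C: in this log, on F: for the first poster in the thread).

```python
"""Triage the registry section of a GMER log.

Added example for this thread; not GMER's own code and not from the posted log.
The heuristics are this author's assumptions for a first pass, not GMER verdicts.
"""
import re
from typing import Dict, List, Optional, Tuple

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
COMMENT_RE = re.compile(r"/\*(.*?)\*/")

# Assumption: handler modules are expected under these roots (Windows on C:).
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"%systemroot%")

# Constructed sample in GMER's format. The "Shell Extensions\Approved" header and
# the Temp-folder BHO are made up to exercise the checks; the rest mirrors the log.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{11111111-2222-3333-4444-555555555555}C:\Documents and Settings\user\Local Settings\Temp\upd.dll = C:\Documents and Settings\user\Local Settings\Temp\upd.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
"""

Entry = Dict[str, Optional[str]]


def parse_gmer_registry(text: str) -> List[Entry]:
    """One record per 'value = module' line, in either of GMER's two layouts."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            section = None                       # a blank line closes a '>>>' block
            continue
        if line.endswith(">>>"):
            section = line[:-3].rstrip().rstrip("\\")
            continue
        if " =" not in line:
            continue                             # banner, EOF marker, etc.
        left, _, right = line.partition(" =")
        path = right.strip()                     # empty when GMER printed '(null) ='
        if section is None:                      # flat form: 'key@value = module'
            key, _, value = left.partition("@")
            if value == "CLSID":                 # 'Handler\scheme@CLSID': scheme is the key leaf
                key, _, scheme = key.rpartition("\\")
                value = scheme + "@CLSID"
        else:
            key, value = section, left
        m = CLSID_RE.search(value)
        c = COMMENT_RE.search(value)
        if c:
            name: Optional[str] = c.group(1)     # '@{CLSID} /*Name*/...'
        elif "@" in value:
            name = value.split("@", 1)[0] or None  # 'Name@{CLSID}', 'scheme@CLSID', '@{CLSID}path'
        else:
            name = None
        entries.append({"key": key, "name": name,
                        "clsid": m.group(0).upper() if m else None, "path": path})
    return entries


def triage(entries: List[Entry], trusted_roots=TRUSTED_ROOTS) -> List[Tuple[Entry, List[str]]]:
    """Flag entries worth a manual look. Every reason is a pointer, not a verdict."""
    roots = tuple(r.lower() for r in trusted_roots)
    findings = []
    for e in entries:
        path = (e["path"] or "").lower()
        reasons = []
        if not path or path == "(null)":
            reasons.append("handler registered but no module path resolved (null)")
        elif "~" in path:
            reasons.append("8.3 short path: expand it before judging where the module lives")
        elif not path.startswith(roots):
            reasons.append("module outside Windows / Program Files")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_gmer_registry(SAMPLE_LOG)):
        print(f"{entry['key']}\n  {entry['name'] or entry['clsid']} -> {entry['path'] or '(null)'}")
        for r in reasons:
            print(f"  ! {r}")
```

Everything it flags is a pointer, not a verdict: `livecall` and `msnim` are Windows Live Messenger's protocol handlers sitting behind an 8.3 path, and a CLSID with no resolved module is often just a stale entry left by an uninstalled component. Against the file infector discussed in this thread, this kind of triage locates persistence points but not the infected executables scattered across every partition, which is why kristi1's advice is a full antivirus scan of all drives rather than registry cleanup.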



[ kristi1 @ 07.02.2010. 13:12 ] @
Look, it's up to you: you can format everything, or do it the way I wrote. Only an antivirus can remove this infection, nothing else. So when the system comes up, first install the AV (download it to the desktop), don't touch the other partitions, and scan the system. It will remove it successfully, for sure.
The fact that someone else managed to clean it doesn't mean you can at this moment; it all depends on how damaged Windows is.
[ magna86 @ 08.02.2010. 14:48 ] @
Yes... I didn't look at the link carefully...
To err is human
you have a file infector... etc. Kristi has written everything you need, and that also explains why the problem keeps coming back.
[ probam11username @ 08.02.2010. 17:44 ] @
OK people, thanks a lot, really, to everyone for the help. I don't think I'll get to it in the next few days (today, tomorrow, the day after) because I have some obligations, but as soon as I've taken care of everything I'll definitely report back!!

[ probam11username @ 14.02.2010. 18:19 ] @
Quote:
magna86
Yes... I didn't look at the link carefully...
To err is human ;)
you have a file infector... etc. Kristi has written everything you need, and that also explains why the problem keeps coming back.
Quote:
kristi1: Look, it's up to you: you can format everything, or do it the way I wrote. Only an antivirus can remove this infection, nothing else. So when the system comes up, first install the AV (download it to the desktop), don't touch the other partitions, and scan the system. It will remove it successfully, for sure.
The fact that someone else managed to clean it doesn't mean you can at this moment; it all depends on how damaged Windows is.

Yes, people. Well done. The problem seems to be solved. The machine runs like a Swiss watch. And for the third day now nothing suspicious has happened, which gives me hope, because before it used to come back at express speed. And I did both variants. First I formatted all the partitions on the HDDs, then brought the system back up. After that I installed Kaspersky to the desktop, even though maybe there was no need, and scanned everything, completely. So, just as you told me.
And now it's OK. I killed several birds with one stone. Renewed the system, got rid of all sorts of accumulated junk on the disks that I was needlessly attached to, and, most importantly, got rid of the problem.

I believe there is no greater satisfaction for you than when such a satisfied forum member reports back... Thank you!