MyCity » Ambulanta -> Arhiva Ambulante » verovatno virus

verovatno virus

Napisano na dan: 8.6.2008

verovatno virus

Sledeća strana

Pagination

Odgovori

vasa.93 Poslao: 08 Jun 2008 15:37 Idi na vrh
offline vasa.93 Moderator foruma Milan Pridružio: 17 Dec 2007 Poruke: 14822 Gde živiš: Niš	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Avira mi prijavljuje neki, valjda, virus, ali ne moze da ga izbrise... Molim pomoc. Evo loga Logfile of HijackThis v1.99.1 Scan saved at 15:35:19, on 8.6.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\WINDOWS\explorer.exe C:\Program Files\AlienGUIse\wbload.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe C:\Documents and Settings\Vasa\Desktop\New Folder\TR3.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'avsda.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: ,wbsys.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: hgGwVNdD - C:\WINDOWS\SYSTEM32\hgGwVNdD.dll O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Profil

dr_Bora Poslao: 08 Jun 2008 15:53 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

vasa.93 Poslao: 08 Jun 2008 16:03 Idi na vrh
offline vasa.93 Moderator foruma Milan Pridružio: 17 Dec 2007 Poruke: 14822 Gde živiš: Niš	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-07.3 - Vasa 2008-06-08 15:56:22.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1491 [GMT 2:00] Running from: C:\Documents and Settings\Vasa\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\hgGwVNdD.dll . ((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))) . 2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-08 12:36 . 2008-06-08 12:36 <DIR> d-------- C:\Program Files\Hamachi 2008-06-08 12:36 . 2008-06-08 15:31 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Hamachi 2008-06-08 12:36 . 2008-06-08 12:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-06-01 15:35 . 2008-06-01 15:35 <DIR> d-------- C:\Program Files\RegDoctor 2008-06-01 15:35 . 2005-02-12 16:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx 2008-06-01 15:35 . 1999-08-02 17:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL 2008-06-01 15:35 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll 2008-06-01 15:35 . 1999-03-12 02:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb 2008-06-01 15:35 . 1998-03-18 17:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB 2008-06-01 15:31 . 2008-06-01 15:31 <DIR> d-------- C:\Program Files\Common Files\DiskTrix 2008-05-28 20:55 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS 2008-05-28 20:55 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys 2008-05-23 16:57 . 2008-06-01 15:18 <DIR> d-------- C:\Program Files\Chicken Invaders 2008-05-21 19:16 . 2008-05-21 19:16 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\TuneUp Software 2008-05-20 22:19 . 2008-05-20 22:19 32 --a------ C:\WINDOWS\system32\thxcfg.ini 2008-05-20 20:53 . 2008-05-20 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis 2008-05-20 16:40 . 2008-05-20 21:49 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys 2008-05-20 16:39 . 2008-05-20 16:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-05-16 09:56 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-16 09:51 . 2008-05-16 09:51 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-05-16 09:49 . 2008-05-16 09:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-16 09:48 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe 2008-05-16 09:45 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003189_.tmp 2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Program Files\Orbitdownloader 2008-05-16 00:21 . 2008-06-01 10:00 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Orbit 2008-05-15 23:50 . 2008-05-15 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Program Files\SweetIM 2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM 2008-05-12 21:43 . 2008-06-08 14:00 <DIR> d-------- C:\Program Files\Weather Watcher 2008-05-12 21:43 . 2008-06-08 12:51 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\WeatherWatcher 2008-05-12 21:43 . 2004-05-27 02:32 102,400 --a------ C:\WINDOWS\system32\unzip32.dll 2008-05-09 22:11 . 2008-05-09 22:11 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Avira . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-20 21:09 --------- d-----w C:\Program Files\RegScrubXP 2008-05-15 21:47 --------- d-----w C:\Program Files\Windows Live 2008-05-14 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-09 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-05-06 11:50 --------- d-----w C:\Documents and Settings\Vasa\Application Data\DeskSoft 2008-05-05 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-05 21:19 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-05 19:36 --------- d-----w C:\Program Files\Avira 2008-04-22 20:16 --------- d-----w C:\Documents and Settings\Vasa\Application Data\fltk.org 2008-04-22 19:51 --------- d-----w C:\Program Files\Winamp 2008-04-22 19:51 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Winamp 2008-04-18 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-18 10:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-04-18 10:01 --------- d-----w C:\Documents and Settings\Vasa\Application Data\skypePM 2008-04-17 20:36 --------- d-----w C:\Documents and Settings\Vasa\Application Data\DeskDrive 2008-04-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-04-14 03:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 03:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 03:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 03:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 03:42 69,120 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 03:42 50,688 ----a-w C:\WINDOWS\twain_32.dll 2008-04-14 03:42 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 03:42 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll 2008-04-14 03:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 03:42 146,432 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 03:42 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll 2008-04-14 03:42 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 03:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe 2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 22:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 22:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 22:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 22:16 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys 2008-04-13 22:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys 2008-04-13 22:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys 2008-04-13 22:16 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-13 22:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-13 22:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys 2008-04-13 22:16 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys 2008-04-13 22:16 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys 2008-04-13 22:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys 2008-04-13 22:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2008-04-13 22:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-13 22:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys 2008-04-13 22:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-13 22:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys 2008-04-13 22:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys 2008-04-13 22:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-13 22:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys 2008-04-13 22:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432] "nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 01:43 81920] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-05-08 22:50 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= ,wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Vasa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] --a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] --a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor] --a------ 2008-05-23 22:56 178688 C:\Program Files\RegDoctor\RegDoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] -ra------ 2008-03-27 19:31 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\SIERRA\\Half-Life\\hl.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Program Files\\Warcraft III\\Warcraft III.exe"= "C:\\Program Files\\Warcraft III\\War3.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "D:\\Igre\\NFS Underground 2\\speed2.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"= R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-08 22:50] R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-05-08 22:50] R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-05-08 22:50] R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53] R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13] R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 10:01] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34] S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31] . Contents of the 'Scheduled Tasks' folder "2008-06-08 14:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-03-17 21:56:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-08 13:58:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-08 16:00:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-08 16:02:24 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-08 14:02:21 Pre-Run: 6,893,895,680 bytes free Post-Run: 6,908,342,272 bytes free 271 --- E O F --- 2008-05-16 08:30:10

Profil

dr_Bora Poslao: 08 Jun 2008 16:24 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! I, kakvo je sada stanje? Detektuje li Avira nešto?

Profil

vasa.93 Poslao: 08 Jun 2008 16:36 Idi na vrh
offline vasa.93 Moderator foruma Milan Pridružio: 17 Dec 2007 Poruke: 14822 Gde živiš: Niš	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vise ne detektuje nista. Imam samo jedno pitanje. Da li mi je potreban removal tool kako bih uklonio Aviru?

Profil

dr_Bora Poslao: 08 Jun 2008 16:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

vasa.93 Poslao: 08 Jun 2008 16:59 Idi na vrh
offline vasa.93 Moderator foruma Milan Pridružio: 17 Dec 2007 Poruke: 14822 Gde živiš: Niš	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok! Hvala puno!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » verovatno virus

Ko je trenutno na forumu

Ukupno su 1111 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 1073 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Bane san, Bobrock1, bozo13, cuculo, dragan_mig31, draganca, Džordžino, elenemste, FileFinder, grenadir, Kazablankasrb, kolle.the.kid, Kubovac, Lieutenant, Millennium, MiroslavD, mkukoleca, Parker, raptorsi, Srle993, stagezin, styg, Tila Painen, tmanda323, Tvrtko I, vandrej, Vlada78, vladaa012, voja64, vukdra, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by