Malware on my computer - Help


  • Aco62
  • New MyCity citizen
  • Joined: 06 Apr 2009
  • Posts: 13

Malware has been detected on my machine. The computer has slowed down, and so has the internet connection. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:08, on 6.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\ACO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\ACO\Desktop\Pomoc\TR3.exe.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ACO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - incredimail.oberon-media.com/online/online2/luxor/mjolauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6987 bytes

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: 3. If your case is one where your antivirus has recognized an infection but cannot remove it, be sure to write down the full name of the infection, as well as the full path to the file in which the infection was found. Please write down infection names exactly; every character and letter matters.

  • Aco62
  • New MyCity citizen
  • Joined: 06 Apr 2009
  • Posts: 13

I scanned the computer with Avira and here is the report. I noticed that something was moved to quarantine; however, when I start the computer, Avira again reports that it has detected viruses that were moved to quarantine.




Avira AntiVir Personal
Report file date: 6. april 2009 14:02

Scanning for 1341899 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACOMP

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16.3.2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 27.11.2008 17:14:29
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18.7.2008 16:39:06
LUKE.DLL : 8.1.4.5 164097 Bytes 18.7.2008 16:39:06
LUKERES.DLL : 8.1.4.0 12033 Bytes 18.7.2008 16:39:06
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 22:40:39
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.2.2009 18:09:25
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1.4.2009 20:17:29
ANTIVIR3.VDF : 7.1.3.19 93696 Bytes 6.4.2009 11:36:14
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 1.2.2009 17:33:00
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 3.4.2009 20:08:47
AESCN.DLL : 8.1.1.10 127348 Bytes 3.4.2009 20:08:46
AERDL.DLL : 8.1.1.3 438645 Bytes 6.11.2008 20:25:27
AEPACK.DLL : 8.1.3.12 397687 Bytes 3.4.2009 20:08:46
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27.2.2009 20:04:11
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 3.4.2009 20:08:45
AEHELP.DLL : 8.1.2.2 119158 Bytes 27.2.2009 20:04:07
AEGEN.DLL : 8.1.1.33 340340 Bytes 3.4.2009 20:08:44
AEEMU.DLL : 8.1.0.9 393588 Bytes 17.10.2008 18:05:08
AECORE.DLL : 8.1.6.7 176502 Bytes 3.4.2009 20:08:43
AEBB.DLL : 8.1.0.3 53618 Bytes 17.10.2008 18:05:04
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18.7.2008 16:39:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 18.7.2008 16:39:06
AVREP.DLL : 8.0.0.2 98344 Bytes 2.8.2008 18:15:20
AVREG.DLL : 8.0.0.1 33537 Bytes 18.7.2008 16:39:06
AVARKT.DLL : 1.0.0.23 307457 Bytes 15.4.2008 10:52:32
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18.7.2008 16:39:06
SQLITE3.DLL : 3.3.17.1 339968 Bytes 15.4.2008 10:52:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18.7.2008 16:39:06
NETNT.DLL : 8.0.0.1 7937 Bytes 15.4.2008 10:52:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18.7.2008 16:39:05
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18.7.2008 16:39:05

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 6. april 2009 14:02

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'PjApp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'x-lite.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\dirt-bike-championship[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a4bf2e2.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\dirt-bike-championship[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a4bf2e6.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\flashtrackz[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a3af331.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\flashtrackz[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a3af338.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\flashtrackz[3].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a3af33b.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\run-jerry-run[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a47f3e1.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\run-jerry-run[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a47f3e5.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\scooby-doo-creepy-castle[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a48f3dc.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\scooby-doo-creepy-castle[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a48f3de.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\scooby-doo-creepy-castle[3].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a48f3e0.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\scooby-doo-neptunes-nest[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a48f3e4.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\shooting[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a48f3ff.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\spider-man-city-raid[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a42f426.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\spider-man-city-raid[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a42f428.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\tails-nightmare[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a42f42e.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\0ZER2P6L\tom-and-jerry-refriger-raiders[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a46f446.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\2SXHZBZ3\n_b72890[1].VIR
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4a3bf55c.qua'!
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\BH0GK3FZ\smsx[1].cab
[0] Archive type: CAB (Microsoft)
--> ScriptX.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\BH0GK3FZ\smsx[2].cab
[0] Archive type: CAB (Microsoft)
--> ScriptX.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\CPMBW9AV\sw[1].cab
[0] Archive type: CAB (Microsoft)
--> installer.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\DI3A3MTW\jinstall-1_5-windows-i586[2].cab
[0] Archive type: CAB (Microsoft)
--> jinstall.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\Local Settings\Temporary Internet Files\Content.IE5\VYD0TJBN\FacebookPhotoUploader5[5].cab
[0] Archive type: CAB (Microsoft)
--> PhotoUploader5.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\ACO\My Documents\moon-player.v.3.200.exe
[0] Archive type: NSIS
--> ProgramFilesDir/jah32008.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a490fbb.qua'!
C:\Documents and Settings\ACO\My Documents\Downloads\SmileyCentralSetup2.3.50.26.ZSman000 (1).exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> mwsSetup.CommonCodebase.exe
[DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
[NOTE] The file was moved to '4a430fbc.qua'!
C:\Documents and Settings\ACO\My Documents\Downloads\SmileyCentralSetup2.3.50.26.ZSman000 (2).exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> mwsSetup.CommonCodebase.exe
[DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
[NOTE] The file was moved to '4b58b9ad.qua'!
C:\Documents and Settings\ACO\My Documents\Downloads\SmileyCentralSetup2.3.50.26.ZSman000.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> mwsSetup.CommonCodebase.exe
[DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
[NOTE] The file was moved to '4a430fbd.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\28E70B86.cab
[0] Archive type: CAB (Microsoft)
--> NBCalendar50A8CC5A.ocx
[WARNING] The file could not be written!
--> NBDataBase0ADD264D.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\A75C16D6.cab
[0] Archive type: CAB (Microsoft)
--> CDROM5C6B3477.dll
[WARNING] The file could not be written!
--> FATImporter1372122A.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\B1EFF3E9.cab
[0] Archive type: CAB (Microsoft)
--> NMDataServicesFA9ABD74.dll
[WARNING] The file could not be written!
--> NMFirstStart4C0FBCE6.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\C1447997.cab
[0] Archive type: CAB (Microsoft)
--> NMBCInterfacePSAE565723.dll
[WARNING] The file could not be written!
--> NMBCWriterDC0FE966.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\D6C89E66.cab
[0] Archive type: CAB (Microsoft)
--> KARAOKE3DE180FF.DLL
[WARNING] The file could not be written!
--> nero920D0564.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\DC682368.cab
[0] Archive type: CAB (Microsoft)
--> DXEnumD7927B84.exe
[WARNING] The file could not be written!
--> VSTBridge02A75A4C.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\DD3AACFD.cab
[0] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Administrator\Local Settings\Temp\NeroDemo11237\Cab\F006035A.cab
[0] Archive type: CAB (Microsoft)
--> NMDvdContentHandlerA37CEB83.dll
[WARNING] The file could not be written!
--> NMFileContentHandler8CAF2224.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\IncrediGames\Blood Ties\BloodTies.exe
[DETECTION] Is the TR/Agent.1531904.B Trojan
[NOTE] The file was moved to '4a491149.qua'!
C:\Program Files\IncrediGames\Treasures of Montezuma\TheTreasuresofMontezuma.exe
[DETECTION] Is the TR/Agent.1613824.D Trojan
[NOTE] The file was moved to '4a3f1182.qua'!
Begin scan in 'D:\'
D:\BACKUP\VICEVI\ZEZALICE\PUZBOBLE\LOADER.EXE
[DETECTION] Is the TR/Agent.351744.A Trojan
[NOTE] The file was moved to '4a1b1411.qua'!
D:\MUZIKA\Ray Charles - Gold\Nova fascikla\2M.Arcade.Bubbles.v1.5.WinALL.Incl.Keymaker-NiTROUS\2mbwe.exe
[DETECTION] Contains recognition pattern of the DR/NavExcel.A.6 dropper
[NOTE] The file was moved to '4a3c14b3.qua'!


End of the scan: 6. april 2009 16:42
Used time: 2:39:40 Hour(s)

The scan has been done completely.

5365 Scanning directories
604667 Files were scanned
9 viruses and/or unwanted programs were found
16 Files were classified as suspicious:
0 files were deleted
0 files were repaired
25 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
604641 Files not concerned
4607 Archives were scanned
23 Warnings
25 Notes

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download ATF Cleaner and save it to your Desktop.

Tick Select All, then click Empty Selected.
When the Done Cleaning message appears, close the program.

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, check that the following options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results; in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the log file will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the log file will be available on the Logs tab (select it and click Open).

Also, after all of that, a fresh HijackThis log file needs to be posted as well.

  • Aco62
  • New MyCity citizen
  • Joined: 06 Apr 2009
  • Posts: 13

I downloaded ATF Cleaner; however, after I select Select All the program freezes.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Follow the rest of the instructions... You should have waited for it to return to normal, but never mind...

  • Aco62
  • New MyCity citizen
  • Joined: 06 Apr 2009
  • Posts: 13

Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 2

6.4.2009 19:09:36
mbam-log-2009-04-06 (19-09-36).txt

Scan type: Quick Scan
Objects scanned: 158475
Time elapsed: 39 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ACO\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Addendum: 06 Apr 2009 19:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:18, on 6.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\ACO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ACO\Desktop\Pomoc\TR3.exe.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ACO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - incredimail.oberon-media.com/online/online2/luxor/mjolauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6666 bytes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download CCleaner, clean the system with it, then run Avira and report back on how things are...

http://www.ccleaner.com/

offline
  • Aco62 
  • New MyCity citizen
  • Joined: 06 Apr 2009
  • Posts: 13

I did everything and scanned the computer again with Avira, and for now it seems to me that everything is OK. I'm just a bit confused by this warning at the bottom of the report:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Is this file a problem? And here is the latest report:



Avira AntiVir Personal
Report file date: 6. april 2009 21:09

Scanning for 1342193 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACOMP

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16.3.2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 27.11.2008 17:14:29
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18.7.2008 16:39:06
LUKE.DLL : 8.1.4.5 164097 Bytes 18.7.2008 16:39:06
LUKERES.DLL : 8.1.4.0 12033 Bytes 18.7.2008 16:39:06
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 22:40:39
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.2.2009 18:09:25
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1.4.2009 20:17:29
ANTIVIR3.VDF : 7.1.3.21 99328 Bytes 6.4.2009 19:08:38
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 1.2.2009 17:33:00
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 3.4.2009 20:08:47
AESCN.DLL : 8.1.1.10 127348 Bytes 3.4.2009 20:08:46
AERDL.DLL : 8.1.1.3 438645 Bytes 6.11.2008 20:25:27
AEPACK.DLL : 8.1.3.12 397687 Bytes 3.4.2009 20:08:46
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27.2.2009 20:04:11
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 3.4.2009 20:08:45
AEHELP.DLL : 8.1.2.2 119158 Bytes 27.2.2009 20:04:07
AEGEN.DLL : 8.1.1.33 340340 Bytes 3.4.2009 20:08:44
AEEMU.DLL : 8.1.0.9 393588 Bytes 17.10.2008 18:05:08
AECORE.DLL : 8.1.6.7 176502 Bytes 3.4.2009 20:08:43
AEBB.DLL : 8.1.0.3 53618 Bytes 17.10.2008 18:05:04
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18.7.2008 16:39:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 18.7.2008 16:39:06
AVREP.DLL : 8.0.0.2 98344 Bytes 2.8.2008 18:15:20
AVREG.DLL : 8.0.0.1 33537 Bytes 18.7.2008 16:39:06
AVARKT.DLL : 1.0.0.23 307457 Bytes 15.4.2008 10:52:32
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18.7.2008 16:39:06
SQLITE3.DLL : 3.3.17.1 339968 Bytes 15.4.2008 10:52:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18.7.2008 16:39:06
NETNT.DLL : 8.0.0.1 7937 Bytes 15.4.2008 10:52:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18.7.2008 16:39:05
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18.7.2008 16:39:05

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 6. april 2009 21:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'PjApp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'x-lite.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: 6. april 2009 21:38
Used time: 29:46 Minute(s)

The scan has been done completely.

4721 Scanning directories
252415 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
252414 Files not concerned
2901 Archives were scanned
1 Warnings
0 Notes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, everything is fine now. There is no need to worry about that warning: that file is a system file and it is in use, which is why Avira could not scan it.

That would be it. Regards
