Wgatray.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK Svitac mi rece da ovde postujem ovu temu pa cu samo copy past... tu je i hijackthis log..
Wgatray.exe na kompijuteru moje sestre pojavio se taj proces i pravi joj probleme,dize se sa winom i smara sa nekim glupostima kolko sam shvatio to je winov proces,da li neko moze da mi kaze nesto vishe o tom procesu i kako da ga iskljucim?
tnx
Btw sada vidim da se exe zove Wga a ne Vga ko sto je meni sestra prenela...i vidim da je ovo win proces ali u svakom slucaju treba mi pomoc da to iskljucim..
Logfile of HijackThis v1.99.1
Scan saved at 20:49:34, on 23.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MSI\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Administrator\My Documents\ME,MYSELF AND I\SVASTARA\Games\Sandra\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\system32\ATPART~1.DLL (file missing)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: CSBHO Class - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\COMETS~1\Platform\Bin\csbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\COMETS~1\Platform\Bin\csietb.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - [Link mogu videti samo ulogovani korisnici]\Program Files\GRIPCZ28\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Get More Games - {120CC99A-8016-42d4-93AF-8C5FE64FE4E3} - [Link mogu videti samo ulogovani korisnici] (file missing)
O9 - Extra 'Tools' menuitem: Get More Games - {120CC99A-8016-42d4-93AF-8C5FE64FE4E3} - [Link mogu videti samo ulogovani korisnici] (file missing)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Search razbijacs at RazbijacSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - [Link mogu videti samo ulogovani korisnici] (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Search razbijacs at RazbijacSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - [Link mogu videti samo ulogovani korisnici] (file missing) (HKCU)
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - [Link mogu videti samo ulogovani korisnici]
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sto pises vgatray kada je u pitanju wgatray?
To je deo Windowsa koji je zaduzen za proveru legalnosti tvoje kopije Windowsa.

Sto se zarazenosti racunara tice - pun je k'o pas buva.

Skini Ewido micro (150kb + 8Mb za skidanje kada se program prvi put pokrene) :
[Link mogu videti samo ulogovani korisnici]

Kako se radi sa Ewido micro:
- na prvom ekranu odaberi sve particije (štikliraj polja ispred njih)
- klikni na dugme Start Scan
- nakon završenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto
- klikni na Remove Infections
- iskopiraj nam ovde sadržaj log fajla koji je malopre snimljen

Nakon skeniranja sa Ewidom i postavljanja log fajla, postavi nam i svez log programa HijackThis.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Huh sry za ovo ali ja nisam pored tog kompijutera naime to nije moj racunar nego sestrin i ja takodje nisam znao da je WGA a ne VGA sad sam tek video,uglavnom reshio sam problem sa time i tnx za pomoc i volju da mi pomognete
anyway thing is my sister dont want to reinstal win or clean it up,,,y i know she is little crazy...and i cant help it,she dont want to tuch anything in system so if she dont care about that no one should..one more time ty for help hf

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

As she wish... ali barem pokusaj da joj objasnis da je komp strava zarazen. ima tu i dialera, i adwarea, i spywarea...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

bobby ::As she wish... ali barem pokusaj da joj objasnis da je komp strava zarazen. ima tu i dialera, i adwarea, i spywarea...
Prosto nisam verovao svojim ushima kada mi je rekla da zeli da joj ocistim system haha 4-5 god ima 1 isti win totalno pokocen ubagovan i prljav (nikad sredjivan,dodushe ima KAV ali nemoze to samo tako...mora to da se odrzava a ona to neradi,njoj je samo vazna njena muzika,filmovi,slike,par programa ostalo je ne zanima)tolko puta sam je molio da mi da da joj ocistim to i nije htela i sad oce,oticicu ovih dana do nje da joj sredim to.
Ty again for everything