verovatno virus

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Avira mi prijavljuje neki, valjda, virus, ali ne moze da ga izbrise...

Molim pomoc. Evo loga

Logfile of HijackThis v1.99.1
Scan saved at 15:35:19, on 8.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe
C:\Documents and Settings\Vasa\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: hgGwVNdD - C:\WINDOWS\SYSTEM32\hgGwVNdD.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...



Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.



-------------------------------------------------------------------------------------



Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-06-07.3 - Vasa 2008-06-08 15:56:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1491 [GMT 2:00]
Running from: C:\Documents and Settings\Vasa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hgGwVNdD.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 12:36 . 2008-06-08 12:36 <DIR> d-------- C:\Program Files\Hamachi
2008-06-08 12:36 . 2008-06-08 15:31 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Hamachi
2008-06-08 12:36 . 2008-06-08 12:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-01 15:35 . 2008-06-01 15:35 <DIR> d-------- C:\Program Files\RegDoctor
2008-06-01 15:35 . 2005-02-12 16:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx
2008-06-01 15:35 . 1999-08-02 17:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL
2008-06-01 15:35 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-01 15:35 . 1999-03-12 02:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb
2008-06-01 15:35 . 1998-03-18 17:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB
2008-06-01 15:31 . 2008-06-01 15:31 <DIR> d-------- C:\Program Files\Common Files\DiskTrix
2008-05-28 20:55 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-05-28 20:55 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-23 16:57 . 2008-06-01 15:18 <DIR> d-------- C:\Program Files\Chicken Invaders
2008-05-21 19:16 . 2008-05-21 19:16 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\TuneUp Software
2008-05-20 22:19 . 2008-05-20 22:19 32 --a------ C:\WINDOWS\system32\thxcfg.ini
2008-05-20 20:53 . 2008-05-20 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-20 16:40 . 2008-05-20 21:49 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-05-20 16:39 . 2008-05-20 16:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-16 09:56 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-16 09:51 . 2008-05-16 09:51 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-16 09:49 . 2008-05-16 09:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-16 09:48 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-16 09:45 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003189_.tmp
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-05-16 00:21 . 2008-06-01 10:00 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Orbit
2008-05-15 23:50 . 2008-05-15 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Program Files\SweetIM
2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-12 21:43 . 2008-06-08 14:00 <DIR> d-------- C:\Program Files\Weather Watcher
2008-05-12 21:43 . 2008-06-08 12:51 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\WeatherWatcher
2008-05-12 21:43 . 2004-05-27 02:32 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2008-05-09 22:11 . 2008-05-09 22:11 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 21:09 --------- d-----w C:\Program Files\RegScrubXP
2008-05-15 21:47 --------- d-----w C:\Program Files\Windows Live
2008-05-14 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-06 11:50 --------- d-----w C:\Documents and Settings\Vasa\Application Data\DeskSoft
2008-05-05 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 21:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 19:36 --------- d-----w C:\Program Files\Avira
2008-04-22 20:16 --------- d-----w C:\Documents and Settings\Vasa\Application Data\fltk.org
2008-04-22 19:51 --------- d-----w C:\Program Files\Winamp
2008-04-22 19:51 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Winamp
2008-04-18 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-18 10:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-18 10:01 --------- d-----w C:\Documents and Settings\Vasa\Application Data\skypePM
2008-04-17 20:36 --------- d-----w C:\Documents and Settings\Vasa\Application Data\DeskDrive
2008-04-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-04-14 03:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 03:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 03:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 03:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 03:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 03:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 03:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 03:42 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 03:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 03:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 03:42 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 03:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 03:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 22:16 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 22:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 22:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 22:16 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 22:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 22:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 22:16 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 22:16 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 22:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 22:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 22:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 22:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 22:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 22:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 22:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 22:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 22:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 22:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 01:43 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-05-08 22:50 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Vasa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
--a------ 2008-05-23 22:56 178688 C:\Program Files\RegDoctor\RegDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-03-27 19:31 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
C:\Program Files\Weather Watcher\ww.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Igre\\NFS Underground 2\\speed2.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-08 22:50]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-05-08 22:50]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-05-08 22:50]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 10:01]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 14:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-17 21:56:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-08 13:58:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 16:00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-08 16:02:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 14:02:21

Pre-Run: 6,893,895,680 bytes free
Post-Run: 6,908,342,272 bytes free

271 --- E O F --- 2008-05-16 08:30:10

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I, kakvo je sada stanje? Detektuje li Avira nešto?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Vise ne detektuje nista. Imam samo jedno pitanje. Da li mi je potreban removal tool kako bih uklonio Aviru?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok! Hvala puno!