Tema za korisnike koji imaju zaražen računar

[Borac za prava zivotinja]

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[111111]

A dok ne postaviš taj log, možeš u međuvremenu probati jednu express varijantu:

1. Isključi System restore (desni klik na My Comp > Properties > kartica System Restore > i čekiraš Turn of system restore...​

2. Skini ovo programče (ako možeš) Remove MS Antispyware 2009 i sa njim pročešljaj komp, pa onda postavi log od HijackThis-a, da vidimo da nije nešto zaostalo. Ovako će biti bar malo brže. ​

Borka ovaj program ti je odlichan za chiscenje.

 

[Borac za prava zivotinja]

Jeste, skinuo je ono čudo.
Međutim, i dalje mi ne otvara Internet explorer i nešto brljavi.

 

[111111]

Jeste, skinuo je ono čudo.
Međutim, i dalje mi ne otvara Internet exlorer i nešto brljavi.

Ja ne znam zashto koristite internet explorer, kad ima opera i firefox.

Deinstaliraj norton ili Aviru, ne valja 2 av-a da imash na kompu.

 

[Baba???]

Međutim, i dalje mi ne otvara Internet explorer i nešto brljavi.

Znaš, svi baš voleDu kad se ovako slikovito objasne komplikacije,
jerBo to daje mogućnost da se koristi oprobana metoda, gledanja u suljpa !!

A eternal ti lepo reče, skini jedan AVP, a moja preporuka je da to bude Avira,
jer ako kreneš na Norton bRez posebnog removal tools-a, biT Če problema...

Sem ako to nisu sredili !!?

A izgleda nisu !!
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
.
.

 

[111111]

Chuvajte se Vundo H trojanca....danas sam ga zakachio, ali je Mallwarebytes ochistio to za nekih 5 minuta.

 

[lanmi1983]

Posto nisam expert za ove stvari oko virusa,imam jedan problem,pa molim nekog za pomoc:
Koristim AVG antivirus i prilikom zavrsetka skeniranja pojavilo mi se sledece:
1) u prozoru Shield detection- Infection:runtime packed fsg, Object: C:\system volume information\_restore{068DC646-5C23-458A-BB46-578ADFC77AC1}\RP81\10007007.dll, Result:add to pup exceptions, Proces: C:\windows\system32\svchost.exe
2) u prozoru Web shield findings- Infection:Exploit web attacker, Process: C:\program files\internet explorer\iexplorer.exe.

Prilikom skeniranja kompa malwarebytes ant-malware-om,ne prijavljuje nista, ali s vremena na vreme AVG mi izbaci da je detektovano ovo iznad.

Interesuje me sta je u pitanju i sta da uradim?

 

[Baba???]

Interesuje me sta je u pitanju i sta da uradim?

Ništa više od onoga što ti je veČ rečeno na MyCity!!

Eventualno da napraviš novu tačku povratka (System Restore) i da isprazniš temp folder.

 

[/una/]

Koristim Sophos antivirus program. Juce je identifikovao sledece probleme(viruse)
Viruse/spyware Mal/Emogen I
Viruse/spyware Mal/Emogen G
Viruse/spyware Mal/Packer

Viruse/spyware Mal/Droper

Isla sam na sophosov sajt i preporucena akcije je delete sto sam i ucinila. Ali, ne lezi vraze, sedim za kompjuterom a iznad sophosove ikonice izviru isti virusi iznova i iznova i iznova........ U pitanju je Windows xp. Molim za koristan savet. Unapred hvala

 

[GostM]

@/una/

Pokupila si tzv. XPAntivirus !

Skini program Malwarebytes' Anti-Malware, instaliraj, ažuriraj mu bazu i skeniraj komp. On bi trebao da te reši te napasti. Ukoliko pak ne možeš da ga instaliraš (iz nekog razloga), na sledećem linku http://forum.krstarica.com/threads/167305 ćeš naći (pored još nekih sličnih programa) i uputstvo kako postaviti HijackThis log (pomoću istoimenog programa) ovde na forumu, iz koga će se tačno videti šta je sve zaraženo na kompu. Isprati proceduru i postavi log čak i ako uspeš da iskeniraš komp sa Malwarebytes'om.

 

[REVELIN]

Mozes li meni pomoci nekako...imala sam problema sa Trojan hors generic 12 BMRK i 10 ALAL.Back door...ocisceni su avastom...ili mozda i nisu,jer mi od tada obara sistem ,danas evo vec 5-6 puta.Ima li to veze sa tim virusima?...i kako da proverim da li su jos prisutni,jer avast cuti.

 

[GostM]

Postavi i ti HijackThis log ovde, na osnovu uputstva iz prethodnog posta.

 

[/una/]

Skinuh Malwarebytes, skenirah i napisa mi da neki fajlovi ne mogu biti uklonjeni i da bi proces bio gotov treba restartovati racunar. To i ucinih i nakon toga sistem vise nije mogao da se, da prostite, digne. Dosao majstor, propisno se namucio i ode on, kad opet ne lezi vraze, sophos izbacuje razne viroze i bakterije nove, ne one od juce. Opet pokrenuh gorepomenuti Malwarebytes i on opet nakon visecasovnog skeniranja kaze isto sto i juce. Razumete moj strah od restartovanja mog voljenog racunara koji mi u srcu zauzima mesto koje je kod nekih rezervisano za vernog covekovog prijatelja, kucnog ljubimca(citaj psa). Instalirah HijackThis i nadenoh mu majcino ime, skenirah i prilazem log fajl.
Logfile of HijackThis v1.99.1
Scan saved at 9:33:01 PM, on 3/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\vecna\vecna.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Molim za pomoc unapred sam zahvalna. Sifra GRRRRRRRRRRRRRRRR

 

[Boki]

Kako ja to provjerih...mislim uz pomoc pojedinih Software-a samo ovo ti je oznaceno kao nepoznat proces : D:\vecna\vecna.exe
ali uz to nije oznacen kao OPASAN.

 

[/una/]

U nedostatku kreacije druge vrste, prilazem i log fajl MalwarebytesA

Malwarebytes' Anti-Malware 1.34
Database version: 1845
Windows 5.1.2600 Service Pack 2

3/13/2009 9:30:59 PM
mbam-log-2009-03-13 (21-30-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 92558
Time elapsed: 2 hour(s), 43 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.
C:\System Volume Information\_restore{061F9441-A6C0-4BCE-BE0A-AB9EBBDAE4CB}\RP14\A0000526.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{061F9441-A6C0-4BCE-BE0A-AB9EBBDAE4CB}\RP14\A0000541.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{061F9441-A6C0-4BCE-BE0A-AB9EBBDAE4CB}\RP14\A0000542.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{061F9441-A6C0-4BCE-BE0A-AB9EBBDAE4CB}\RP14\A0000553.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{061F9441-A6C0-4BCE-BE0A-AB9EBBDAE4CB}\RP14\A0000554.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcmgcd32.dl_ (Virus.Sality) -> Quarantined and deleted successfully.

 

[Boki]

Ovo je to sto je ostalo
: C:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.

Ajde na ovaj LINK,pusti da ti se Scann-ira racunar...prepisi izvjestaj ovde.

 

[/una/]

Kako ja to provjerih...mislim uz pomoc pojedinih Software-a samo ovo ti je oznaceno kao nepoznat proces : D:\vecna\vecna.exe
ali uz to nije oznacen kao OPASAN.

Jes ta vecna nezgodna

 

[/una/]

Ovo je to sto je ostalo
: C:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.

Ajde na ovaj LINK,pusti da ti se Scann-ira racunar...prepisi izvjestaj ovde.

Isla sam na ovaj link ali se prvo muvale plave linije pa ondak se pojavio crveni krug sa krsticem, ali ic ne razumem jer je na nemackom, ali pretpostavljam da tu nesto ne stima.

 

[GostM]

D:\vecna\vecna.exe

Ma to je HijackThis, samo preimenovan.

Ovako, log je čist ko što reče @Boris 1.
Uradi sledeće: isključi System Restore (desni klik na My Comp > Properties > kartica System Restore > i čekiraš Turn of system restore...
Restartuj kompjuter u Safe Modu i iskeniraj ga AV programom. Nakon toga podigni sistem u Normal Mode, uključi System Restore i uradi još jedan scan. Možeš i Malwarebyte's-om, pa javi ima li kakvih promena. Malwarebyt's ne bi trebao da ti sruši sistem nakon brisanja nekih fajlova! To prvi put čujem.

 

[Boki]

Nisam to skontao.
Posto pored njega nije nista pisalo.

 

[/una/]

Mnogo vam hvala decaci. Divni ste Cak je i WinFast proradio.

 

[GostM]

Nema na čemu.
Pozzz

 

[Boki]

Mnogo vam hvala decaci. Divni ste Cak je i WinFast proradio.

Nema na cemu

 

[/una/]

Znam da vec postajem dosadna, ali sta cu kad su i virusi dosadni. Naime, sedim veceras za kompjuterom kucam u wordu i odjednom mi Avg javlja New treath found(valjda je tako pisalo) na C system32 Sality, tako nesto. Isla sam na opciju heal, izleciti, valjda. Skenirala opet i nije bilo nista. Skenirala sa Malwarebytes i nema nista, ali za svaki slucaj mecem ovde log iz Hijack This da ga vi sto se razumete u te stvari proverite. Unapred hvala.

Logfile of HijackThis v1.99.1
Scan saved at 9:31:56 PM, on 3/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\vecna\vecna.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

[GostM]

Ovako, log je čist, nema malicioznih stavki, osim par nepotrebnih. Možeš ih čekirati za popravku:

• O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

• O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

• O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)