HijackThis - Corupt
Started by Corupt, May 25 2010 17:24. Last Updated: Jan 10 2014 16:53.
#1
Posted 25 May 2010 - 17:24
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 18:20:27, on 25.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robyz\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{984BF421-6BD9-49D9-B108-D33438831E9E}: NameServer = 194.105.21.230 193.231.252.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7773 bytes

In short, I'm afraid I may have been infected with a keylogger.

Edited by Corupt, 25 May 2010 - 17:25.
#2
Posted 25 May 2010 - 17:29
1. Upgrade to AVG 9.0 or replace it with another antivirus.
2. Download Malwarebytes Anti-Malware 1.46 and save it to the Desktop. Install it and at the end make sure the following are ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish. After the program starts, click the Update tab and press the Check for Updates button to check that the downloaded definitions are the latest. Database version: 4XXX. Click the Scanner tab, select Perform full scan and then press Scan. When the scan finishes press OK and then Show Results. Make sure everything is ticked and then press Remove Selected. At the end a Notepad file will open with the scan results. Post its contents here. If you restarted to remove malware from the PC, you can find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).
#3
Posted 25 May 2010 - 19:50
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versiunea bazei de date: 4142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

25.05.2010 20:47:51
mbam-log-2010-05-25 (20-47-51).txt

Modul de scanare: Scanare completa (C:\|D:\|)
Obiecte scanate: 321721
Timp trecut: 1 ore, 23 minute, 40 secunde

Procese din Memorie Infectate: 0
Module de Memorie Infectate: 0
Chei de Registru Infectate: 0
Valori de Registru Infectate: 0
Date din Registru Infectate: 0
Foldere Infectate: 0
Fisiere Infectate: 0

Procese din Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Module de Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Chei de Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Valori de Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Date din Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Foldere Infectate:
(Nu au fost detectate obiecte malicioase)

Fisiere Infectate:
(Nu au fost detectate obiecte malicioase)

So I take it everything is fine? Although I don't understand why some programs often freeze, and if I try to restart or shut down (after those programs freeze) nothing happens. (It stays stuck on that Vista "Logging off" screen.) And one more thing: if any of you could recommend a good program/antivirus against keyloggers.

Edited by Corupt, 25 May 2010 - 19:52.
#4
Posted 25 May 2010 - 20:07
In HiJackThis, tick and fix:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
See here how: http://forum.softped...t...t&p=5002807
After that, download Dr.Web CureIt! 5.00.10. Unplug the Internet cable, turn off the real-time protection (shield) of the antivirus installed on the PC and do a full scan with this utility. When first run, Dr.Web CureIt! starts an Express Scan. Press the Stop button on the right when it turns green. Then tick Complete Scan on the left and press the green Play button on the right. When the scan finishes, disinfect/delete all detected files. Restart, re-enable the antivirus protection, plug the internet cable back in.

Edited by MhG_40, 25 May 2010 - 20:24.
#5
Posted 13 March 2012 - 21:52
Hi!
This evening I went to a site (ebacalaureat) and immediately got an alert from comodo (firewall) that a file named mor.exe had been downloaded to the PC. I told it to clean it, but it is still in users/nume/.../temp. I scanned the file with malware/avg/antispyware and they said it had nothing. I tried to upload it to virustotal or delete it and it won't let me; it says I don't have administrator rights (on my own PC). It won't let me "give myself" rights on the file either. How can I delete it? Thanks.
EDIT: I logged off and AVG detected it -> deleted it and made me restart, after which it said it had removed it, but when I go into temp it's still there.

Edited by Corupt, 13 March 2012 - 22:02.
#7
Posted 20 March 2012 - 22:54
I did, and it still stayed there (at the time).
Then I realised it couldn't delete it because it was in use at that moment, so I went into safe mode and deleted it. Meanwhile it hasn't reappeared. I also scanned the PC with malwarebytes and then with SUPERAntiSpyware. Only antispyware found some cookies (mediafax, cinemagia etc.) or whatever they're called, which it deleted.
#9
Posted 01 May 2013 - 11:57
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 12:47:57, on 01.05.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\NUME\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviciul Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

--
End of file - 6888 bytes

I also ran the hijack scan because of the problem described here: http://forum.softped.../#entry13112929

Edited by Corupt, 01 May 2013 - 11:58.
#10
Posted 01 May 2013 - 14:44
Hello.
1. Run HiJackThis again. Tick and fix:
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe (file missing)
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
2. Download RogueKiller and save it to the Desktop, or from here. Close all running programs. Remove everything from the USB ports (memory sticks, external hard drives). Double-click RogueKiller.exe to run it. On Windows Vista or Windows 7, right-click it and select Run as administrator. Wait until the Prescan has finished. Click "Scan". Wait until "Scan Finished" appears in the Status box. Click "Report" and copy/paste it here. In the image below, ignore step 3!
[image: http://s9.postimage.org/q04cnvji7/image.jpg]
3. Download AdwCleaner by Xplode to the Desktop. Double-click AdwCleaner.exe to run it. On Windows Vista or Windows 7, right-click it and select Run as administrator. Click Search. Wait for the search to finish. Then click Delete. A log file will open when it has finished scanning. Post its contents here. The log is at C:\AdwCleaner[Sn].txt (n is a number).
[image: http://s8.postimage.org/q3trcenth/ADW1.jpg]
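The five entries the helper singles out in step 1 above share two tell-tales that HijackThis prints itself: "(no file)" / "(file missing)" for an entry whose target is gone, and "Unknown owner" for a service binary without a vendor string. The following Python script is an added example, not code from this thread or from the HijackThis project: it parses the log format and sorts entries into those categories, plus a "review" bucket for global injection and proxy points (O20 AppInit_DLLs, R1 ProxyServer) that security products also use, so a human decides on them. The embedded sample log is constructed from a few lines posted in this thread; the label names and function names are this example's own.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the entries
# posted in this thread (a handful of lines, not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe (file missing)
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"""

# One HijackThis entry: a section code (R0..R3, O1..O24), " - ", then the body.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return a list of (section, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def classify(section, body):
    """Triage label for one entry, or None when nothing stands out.

    'orphan'        - the registry entry points at a file that no longer exists
                      (HijackThis prints '(no file)' / '(file missing)'); a leftover
                      that does nothing and is routinely fixed.
    'unknown-owner' - an O23 service whose binary carries no vendor string.
    'review'        - global injection/proxy points (O20 AppInit_DLLs, R1 ProxyServer);
                      antivirus and firewall products register these too, so the
                      script only surfaces them and a person decides.
    """
    if "(no file)" in body or "(file missing)" in body:
        return "orphan"
    if section == "O23" and "Unknown owner" in body:
        return "unknown-owner"
    if section == "O20" or (section == "R1" and "ProxyServer" in body):
        return "review"
    return None


def triage(log_text):
    """Group every flagged entry of a log under its label, keeping the full line."""
    findings = {"orphan": [], "unknown-owner": [], "review": []}
    for section, body in parse_entries(log_text):
        label = classify(section, body)
        if label is not None:
            findings[label].append(f"{section} - {body}")
    return findings


def fix_candidates(log_text):
    """Lines a helper would tell the poster to tick in HijackThis before pressing Fix."""
    found = triage(log_text)
    return found["orphan"] + found["unknown-owner"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label, lines in result.items():
        print(f"[{label}] {len(lines)} entries")
        for line in lines:
            print("   ", line)
    print("tick and fix:", len(fix_candidates(SAMPLE_LOG)), "lines")
```

Run against the sample, `fix_candidates` returns exactly the five lines listed in step 1 (four orphans and the vToolbarUpdater service), while the O20 guard32.dll line lands only in "review": both logs in this thread show an AppInit_DLLs entry next to a running COMODO/AVG install, which is why the script does not treat that section as evidence of infection on its own.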
#11
Posted 01 May 2013 - 16:04
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : NUME [Admin rights]
Mode : Scan -- Date : 05/01/2013 16:50:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142} : NameServer (194.24.235.1,8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142} : NameServer (194.24.235.1,8.8.8.8) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 0ff703d154f94c8ef26c38d2d8ec42b8
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 81920 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167979008 | Size: 223223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05012013_02d1650.txt >>
RKreport[1]_S_05012013_02d1650.txt

___

# Adwcleaner v2.300 - Logfile created 05/01/2013 at 16:51:58
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : NUME
# Boot Mode : Normal
# Running from : C:\Users\NUME\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\NUME\AppData\Local\AVG Secure Search
Folder Found : C:\Users\NUME\AppData\Local\Babylon
Folder Found : C:\Users\NUME\AppData\Local\Conduit
Folder Found : C:\Users\NUME\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\NUME\AppData\LocalLow\Conduit
Folder Found : C:\Users\NUME\AppData\Roaming\Babylon
Folder Found : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\prefs.js

Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1350766978,\"uuid\":873139184534310,\"seq_id\":1,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3220468.UserID", "UN37894788427673530");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3220468.cbcountry_001", "RO");
Found : user_pref("CT3220468.cbfirsttime", "Sun Oct 21 2012 00:02:57 GMT+0300 (GTB Daylight Time)");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.installId", "fftD8C2.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.keyword", true);
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "0");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350766975650");
Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1350767217204");
Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350766977046");
Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350766977420");
Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350766976723");
Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1350766974927");
Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1350766973769");
Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350766976105");
Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1350767217177");
Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1350766975741");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.homepage", true);
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.startPage", "TRUE");
Found : user_pref("CT3220468.toolbarBornServerTime", "21-10-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "21-10-2012");
Found : user_pref("CT3220468.toolbarDisabled", "true");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.0.0.2");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\NUME\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9715 octets] - [01/05/2013 16:51:58]

########## EOF - C:\AdwCleaner[R1].txt - [9775 octets] ##########

__

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 16:52:24
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : NUME
# Boot Mode : Normal
# Running from : C:\Users\NUME\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\NUME\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\NUME\AppData\Local\Babylon
Folder Deleted : C:\Users\NUME\AppData\Local\Conduit
Folder Deleted : C:\Users\NUME\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\NUME\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\NUME\AppData\Roaming\Babylon
Folder Deleted : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted :
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\PIP Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (ro) File : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\prefs.js Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1350766978,\"uuid\":873139184534310,\"seq_id\":1,\"ss[...] Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3220468.FirstTime", "true"); Deleted : user_pref("CT3220468.FirstTimeFF3", "true"); Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...] Deleted : user_pref("CT3220468.UserID", "UN37894788427673530"); Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT3220468.autoDisableScopes", -1); Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true); Deleted : user_pref("CT3220468.cbcountry_001", "RO"); Deleted : user_pref("CT3220468.cbfirsttime", "Sun Oct 21 2012 00:02:57 GMT+0300 (GTB Daylight Time)"); Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...] 
Deleted : user_pref("CT3220468.enableAlerts", "always"); Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true"); Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundError", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT3220468.fixUrls", true); Deleted : user_pref("CT3220468.installId", "fftD8C2.tmp.exe"); Deleted : user_pref("CT3220468.installType", "XPE"); Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isNewTabEnabled", true); Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.keyword", true); Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...] Deleted : user_pref("CT3220468.openThankYouPage", "true"); Deleted : user_pref("CT3220468.openUninstallPage", "FALSE"); Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Deleted : user_pref("CT3220468.search.searchCount", "0"); Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] 
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350766975650"); Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1350767217204"); Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350766977046"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350766977420"); Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350766976723"); Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1350766974927"); Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1350766973769"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350766976105"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1350767217177"); Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1350766975741"); Deleted : user_pref("CT3220468.settingsINI", true); Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Deleted : user_pref("CT3220468.smartbar.Uninstall", "0"); Deleted : user_pref("CT3220468.smartbar.homepage", true); Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Deleted : user_pref("CT3220468.startPage", "TRUE"); Deleted : user_pref("CT3220468.toolbarBornServerTime", "21-10-2012"); Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "21-10-2012"); Deleted : user_pref("CT3220468.toolbarDisabled", "true"); Deleted : 
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search"); Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468"); Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.0.0.2"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...] -\\ Google Chrome v26.0.1410.64 File : C:\Users\NUME\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [9844 octets] - [01/05/2013 16:51:58] AdwCleaner[S1].txt - [10010 octets] - [01/05/2013 16:52:24] ########## EOF - C:\AdwCleaner[S1].txt - [10071 octets] ########## |
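The AdwCleaner log above shows what a search hijacker leaves in a Firefox profile: dozens of CT3220468.*/Smartbar.* prefs owned by the Conduit toolbar, plus keyword.URL (the address-bar search target) rewritten to search.conduit.com. As an added example, not part of this thread and not AdwCleaner's own logic, the PowerShell below reads prefs.js and flags both classes of entry: leftover toolbar prefs, and navigation prefs that point at a host you did not choose. The sample lines are constructed from the log above; the trusted-host list, the pref-name prefixes and the profile path in the comment are assumptions made for the example.

```powershell
# Added example, not from the thread or from AdwCleaner. The sample prefs.js lines
# are constructed from the AdwCleaner output above; the trusted hosts and the
# toolbar prefixes are assumptions chosen for this example.

$SamplePrefs = @'
user_pref("browser.startup.homepage", "google.ro");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468");
user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.0.0.2");
user_pref("network.proxy.type", 0);
'@

# URL-valued prefs that decide where the address bar and the homepage send the user.
$NavigationPrefs = 'keyword.URL', 'browser.startup.homepage'
# Pref-name prefixes the Conduit/Smartbar toolbar and AVG Secure Search leave behind (from the log).
$ToolbarPrefixes = '^CT\d+\.', '^Smartbar\.', '^avg\.install\.'
# Hosts you expect navigation prefs to reference on this machine (assumption).
$TrustedHosts = 'google.ro', 'www.google.ro', 'www.google.com'

function Find-PrefHijack {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Shape of a prefs.js entry: user_pref("name", value);  value is either a
        # quoted string or a bare number/boolean.
        if ($line -notmatch '^user_pref\("(?<name>[^"]+)",\s*(?<value>.+)\);\s*$') { continue }
        $name   = $Matches['name']
        $value  = $Matches['value'].Trim('"')
        $reason = $null

        if (@($ToolbarPrefixes | Where-Object { $name -match $_ }).Count -gt 0) {
            $reason = 'leftover third-party toolbar pref'
        }
        elseif ($NavigationPrefs -contains $name) {
            # The posted log defangs URLs as hxxp://; undo that so the URI parser accepts them.
            $url = $value -replace '^hxxp', 'http'
            $uri = $null
            if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
                $hostName = $uri.Host
            } else {
                $hostName = $url    # bare hostname such as "google.ro"
            }
            if ($TrustedHosts -notcontains $hostName) {
                $reason = "navigation pref points at '$hostName'"
            }
        }

        if ($reason) {
            [pscustomobject]@{ Pref = $name; Value = $value; Reason = $reason }
        }
    }
}

# Run against the constructed sample. On a live profile, feed it the real file instead, e.g.
#   Find-PrefHijack -Lines (Get-Content "$env:APPDATA\Mozilla\Firefox\Profiles\<profile>\prefs.js")
Find-PrefHijack -Lines ($SamplePrefs -split "`r?`n") | Format-Table -AutoSize
```

On the sample, the homepage (google.ro) passes and the other four entries are reported: keyword.URL because it resolves to search.conduit.com, the rest because their names carry the toolbar prefixes. Deleting the flagged lines while Firefox is closed is the manual equivalent of what AdwCleaner did in the log above; keep the proxy prefs in view too, since the HijackThis log at the top of the thread shows a proxy rewrite is the other common trick.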
#12
Posted 01 May 2013 - 18:17
Download ComboFix and save it to your Desktop.
Then make sure you have closed every running program (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
#15
Posted 01 May 2013 - 19:56
ComboFix 13-05-01.03 - Barna 01.05.2013 20:40:58.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.40.1033.18.1789.1084 [GMT 3:00]
Running from: c:\users\NUME\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 17:46 . 2013-05-01 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 13:53 . 2013-05-01 13:53 115 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-30 21:34 . 2013-04-30 21:34 -------- d-----w- c:\programdata\ATI
2013-04-30 21:34 . 2013-04-30 21:34 -------- d-----w- c:\program files\AMD AVT
2013-04-29 15:58 . 2013-04-29 15:58 -------- d-----w- c:\users\Barna\AppData\Roaming\OpenVPN Technologies
2013-04-29 15:58 . 2013-04-29 15:58 -------- d-----w- c:\users\NUME\AppData\Local\OpenVPN Technologies
2013-04-29 15:55 . 2013-04-29 15:55 -------- d-----w- c:\program files\OpenVPN Technologies
2013-04-29 14:21 . 2013-04-29 14:21 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-03 11:58 . 2013-04-03 11:58 -------- d-----w- c:\users\NUME\AppData\Local\Wondershare
2013-04-03 11:58 . 2013-04-03 11:58 -------- d-----w- c:\program files\Common Files\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-29 14:19 . 2012-10-05 17:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 14:19 . 2012-10-05 17:32 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-31 17:09 . 2013-03-31 17:09 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-07 20:51 . 2013-02-07 20:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-07 20:51 . 2012-10-25 19:00 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-07 20:51 . 2012-10-25 19:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-29 14:21 . 2013-03-15 16:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk
backup=c:\windows\pss\OpenVPN Client.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 06:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2012-10-25 18:33 270336 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-24 11:14 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 14:19]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-14 14:32]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-14 14:32]
.
2013-05-01 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-10-25 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
TCP: Interfaces\{4BD95D65-1ADB-4604-B10E-49F323C4B6A7}\27F62696: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4BD95D65-1ADB-4604-B10E-49F323C4B6A7}\C696E6B6379737: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - google.ro
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4476)
c:\windows\system32\guard32.dll
c:\windows\System32\SyncCenter.dll
.
Completion time: 2013-05-01 20:48:08
ComboFix-quarantined-files.txt 2013-05-01 17:48
.
Pre-Run: 59.359.346.688 bytes free
Post-Run: 59.260.981.248 bytes free
.
- - End Of File - - FA2F9010A801ABAED169D469B81E391E

Even though I disabled them, it seems the firewall still shows up as enabled in the report.
#16
Posted 02 May 2013 - 05:04
Hello.
AVG Internet Security 2013 has a built-in Firewall, so there is an incompatibility. Uninstall AVG Internet Security (use AVG Remover), monitor the computer for two or three days and see how it behaves. Please report what happened during the test.
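The "AV:/FW:/SP:" header lines in the ComboFix log above, with their *Enabled*/*Disabled* flags and GUIDs, summarize the products registered with Windows Security Center. As an added example that is not part of this thread, the PowerShell below queries that registration directly (the root/SecurityCenter2 WMI namespace), which is the quickest way to see what the OS believes after a product is uninstalled and to confirm that only one firewall is left reporting itself active, which is the conflict described in the reply above. It needs PowerShell 3.0 or later on Vista or newer. The decoding of productState is the widely used community convention for that packed value, not a documented Microsoft contract, and is marked as an assumption in the code.

```powershell
# Added example, not from the thread. Lists the antivirus, firewall and antispyware
# products registered with Windows Security Center and whether each reports itself
# enabled, then warns when more than one firewall is active at once.
# Requires PowerShell 3.0+ (Get-CimInstance, -in) and the Security Center service.

function Get-SecurityCenterProducts {
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                # productState is a packed DWORD. Assumption (community convention, not
                # documented by Microsoft): written as six hex digits, the middle pair is
                # 10 or 11 when the product is on, and the last pair is 00 when its
                # signatures are current.
                $hex = '{0:x6}' -f [uint32]$_.productState
                [pscustomobject]@{
                    Class      = $class
                    Name       = $_.displayName
                    InstanceId = $_.instanceGuid      # the GUID ComboFix prints next to the product
                    Enabled    = $hex.Substring(2, 2) -in '10', '11'
                    UpToDate   = $hex.Substring(4, 2) -eq '00'
                    RawState   = '0x' + $hex
                }
            }
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table -AutoSize

# Two firewalls both reporting Enabled is exactly the overlap the reply above warns about.
$activeFirewalls = @($products | Where-Object { $_.Class -eq 'FirewallProduct' -and $_.Enabled })
if ($activeFirewalls.Count -gt 1) {
    Write-Warning ('Multiple firewalls report enabled: ' + ($activeFirewalls.Name -join ', '))
}
elseif ($activeFirewalls.Count -eq 0) {
    Write-Warning 'No third-party firewall reports enabled; check that Windows Firewall is on.'
}
```

Run it before and after removing AVG with AVG Remover: a product that was uninstalled but still appears here, or appears with Enabled set while its own UI says it is off, is stale Security Center state rather than a running engine, which is the kind of mismatch the poster noticed between what they disabled and what ComboFix reported.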
#17
Posted 02 May 2013 - 11:32
MhG_40, on 02 May 2013 - 05:04, said:
Hello. AVG Internet Security 2013 has a built-in Firewall, so there is an incompatibility.
[attachment: Untitled.png]
MhG_40, on 02 May 2013 - 05:04, said:
Uninstall AVG Internet Security (use AVG Remover), monitor the computer for two or three days and see how it behaves. Please report what happened during the test.
I'll come back with an answer after I finish this step too. Thanks for the help.
#18
Posted 02 May 2013 - 18:11
Hello.
If you have time, please post the log (Reports): C:\ProgramData\AVG13\Log