Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
recomandare smartwatch copil

Viata traita asa cum vrei tu vs v...

Melodie dance veche

RIP Shifty Shellshock
 Daca nu ar conta salariul, ce mes...

Racordare la apa termosemineu

Mi-am luat 4x4 si vreau sa-l testez

Recomandare laptop cu luminozitat...
 Cautarea pe google android nu merge

Caut serviciu serios de captura v...

Frauda magazin online

AC Woods Venezia Smart - nu races...
 podea ciment denivelata

Îndepartare bule folie reflectoriz...

Revista imobiliara cu poze... cir...

Recomandare soundbar pentru laptop
 

HijackThis - Corupt

- - - - -
Last Updated: Jan 10 2014 16:53, Started by Corupt , May 25 2010 17:24  
  ·  
  • Please log in to reply
35 replies to this topic

#1
Corupt
Posted 25 May 2010 - 17:24

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 18:20:27, on 25.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robyz\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{984BF421-6BD9-49D9-B108-D33438831E9E}: NameServer = 194.105.21.230 193.231.252.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll  C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7773 bytes

Pe scurt, imi este frica sa nu fi fost infestat cu un keylogger.

Edited by Corupt, 25 May 2010 - 17:25.

#2
rootkit
Posted 25 May 2010 - 17:29

rootkit

    Awake. Security DNA

  • Grup: Senior Members
  • Posts: 34,883
  • Înscris: 07.02.2007
1. Upgrade la AVG 9.0 sau schimba-l cu alt antivirus.
2.

Descarca

Malwarebytes Anti-Malware 1.46

si salveaza-l pe Desktop.

Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish.

Posted Image

Dupa lansarea programului, click pe tab-ul Update si apasa butonul Check for Updates pentru a verifica daca definitiile descarcate sunt ultimele.

Database version: 4XXX

Posted Image

Click pe tab-ul Scanner, selecteaza Perform full scan si apoi apasa pe Scan.

Posted Image

La terminarea scanarii apasa OK si apoi Show Results.

Posted Image

Posted Image

Asigura-te ca e totul bifat si apoi apasa Remove Selected.

Posted Image

Posted Image

La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici.

Posted Image

Daca ai dat restart pentru indepartare malware din PC, log-ul il gasesti in fereastra principala in cadrul tab-ului Logs. Verifica sa fie ultimul(dupa data din numele fisierului .txt.)

Posted Image

#3
Corupt
Posted 25 May 2010 - 19:50

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010

Quote

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versiunea bazei de date: 4142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

25.05.2010 20:47:51
mbam-log-2010-05-25 (20-47-51).txt

Modul de scanare: Scanare completa (C:\|D:\|)
Obiecte scanate: 321721
Timp trecut: 1 ore, 23 minute, 40 secunde

Procese din Memorie Infectate: 0
Module de Memorie Infectate: 0
Chei de Registru Infectate: 0
Valori de Registru Infectate: 0
Date din Registru Infectate: 0
Foldere Infectate: 0
Fisiere Infectate: 0

Procese din Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Module de Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Chei de Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Valori de Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Date din Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Foldere Infectate:
(Nu au fost detectate obiecte malicioase)

Fisiere Infectate:
(Nu au fost detectate obiecte malicioase)

Sa inteleg ca ii totul bine? Desi nu inteleg de ce de multe ori se blocheaza unele programe si daca vreau sa dau restart sau sa il inchid (dupa ce se blocheaza acele programe) nu se intampla nimic. (Ramane blocat in acea imagine de la vista cu Logging off)

Si inca ceva, daca puteti careva sa imi recomandati un program/antivirus bun impotriva keylogger-urilo.

Edited by Corupt, 25 May 2010 - 19:52.

#4
MhG_51
Posted 25 May 2010 - 20:07

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
In HiJackThis Bifeaza si da fix la:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Vezi aici cum:
http://forum.softped...t...t&p=5002807

Dupa care,
Descarca

Dr.Web CureIt!5.00.10
Scoate cablul de Internet, opreste protectia real-time(scutul)
a antivirus-ului instalat pe PC si scaneaza full cu acest utilitar.
Initial, la rulare, Dr.Web CureIt! incepe un Express Scan.
Apasa butonul Stop in dreapta cand acesta are culoarea verde.
Posted Image

Bifeaza apoi in stanga Complete Scan si asa in dreapta pe butonul verde Play.

Posted Image
La terminarea scanarii dezinfecteaza/sterge toate fisierele detectate.

Restart, activeaza protectia antivirus, conecteaza cablul de internet.

Edited by MhG_40, 25 May 2010 - 20:24.

#5
Corupt
Posted 13 March 2012 - 21:52

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010
Salut!

In seara aceasta am intrat pe un site (ebacalaureat) si imediat mi-a aparut o alerta de la comodo (firewall) cum ca s-a downloadat in PC un fisier numit mor.exe.  Am dat sa il curete, dar inca se gaseste in users/nume/.../temp.

Am scanat fisierul cu malware/avg/antispyware si ziceau ca nu are nimic. Am incercat sa-l urc pe virustotal sau sa-i dau delete si nu ma lasa, zice ca nu am drepturi de administrator (:eek: pe propriul PC). Nu ma lasa nici sa "imi dau" drepturi asupra fisierului.

Cum sa fac sa-l sterg ?

Mersi.

EDIT: Am dat un log off si l-a depistat AVG -> l-a sters si m-a pus sa dau restart dupa care a zis ca l-a eliminat, dar cand intru in temp e tot acolo. :mellow:

Edited by Corupt, 13 March 2012 - 22:02.

#6
rootkit
Posted 18 March 2012 - 15:11

rootkit

    Awake. Security DNA

  • Grup: Senior Members
  • Posts: 34,883
  • Înscris: 07.02.2007
Ai dat clear cache si temp files din browser?

#7
Corupt
Posted 20 March 2012 - 22:54

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010
Am dat si tot a ramas acolo (atunci).
Pe urma mi-am dat seama ca nu-l poate sterge deoarece este folosit in acel moment asa ca am intrat in safe mode si l-am sters.

Intre-timp nu a mai aparut.
De asemenea am scanat pc cu malware bytes si pe urma cu SUPERAntiSpyware. Doar antispyware a gasit ceva cookies (mediafax, cinemagia etc) sau cum le zice pe care le-a sters.

#8
rootkit
Posted 25 March 2012 - 17:30

rootkit

    Awake. Security DNA

  • Grup: Senior Members
  • Posts: 34,883
  • Înscris: 07.02.2007
Daca mai sunt probleme, revino aici.

#9
Corupt
Posted 01 May 2013 - 11:57

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010

Quote

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 12:47:57, on 01.05.2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\NUME\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviciul Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
--
End of file - 6888 bytes

Scanarea si cu hijack am facut-o din cauza problemei prezentate aici: http://forum.softped.../#entry13112929

Edited by Corupt, 01 May 2013 - 11:58.

#10
MhG_51
Posted 01 May 2013 - 14:44

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
Buna.

1. Ruleaza di nou HiJackThis.
Bifeaza si da fix la:

Quote

R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe (file missing)
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

2. Descarca si salveaza pe Desktop, RogueKiller sau de aici.
Inchide toate programele care ruleaza.
Scoate tot din porturile USB(Memory Stick, Hard Extern).
Dublu click pe RogueKiller.exe, pentru a rula.
Pentru Windows Vista sau Windows 7,
click dreapta, selecteaza Run as administrator.
Asteapta pana Prescan-ul a terminat.
Click pe "Scan".
Asteapta pana ce in Status box apare "Scan Finished".
Click pe "Report" si copy/paste aici.
Pe imaginea de mai jos ignora pasul 3!
[ http://s9.postimage.org/q04cnvji7/image.jpg - Pentru incarcare in pagina (embed) Click aici ]

3. Descarca AdwCleaner by Xplode pe Desktop.
Dublu click pe AdwCleaner.exe pentru al rula.
Pentru Windows Vista sau Windows7,
click dreapta, selecteaza Run as administrator.
Click pe Search.
Asteapta sa termine de cautat.
Dupa click pe Delete.
Un fisier log se va deschide dupa ce va termina de scanat.
Posteaza continutul lui aici.
Logul se gaseste in C:\AdwCleaner[Sn].txt (n este un numar).
[ http://s8.postimage.org/q3trcenth/ADW1.jpg - Pentru incarcare in pagina (embed) Click aici ]

#11
Corupt
Posted 01 May 2013 - 16:04

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010

Quote

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : NUME [Admin rights]
Mode : Scan -- Date : 05/01/2013 16:50:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤


¤¤¤ Registry Entries : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142} : NameServer (194.24.235.1,8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142} : NameServer (194.24.235.1,8.8.8.8) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 0ff703d154f94c8ef26c38d2d8ec42b8
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 81920 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167979008 | Size: 223223 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05012013_02d1650.txt >>
RKreport[1]_S_05012013_02d1650.txt

___

Quote

# Adwcleaner v2.300 - Logfile created 05/01/2013 at 16:51:58
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : NUME
# Boot Mode : Normal
# Running from : C:\Users\NUME\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\NUME\AppData\Local\AVG Secure Search
Folder Found : C:\Users\NUME\AppData\Local\Babylon
Folder Found : C:\Users\NUME\AppData\Local\Conduit
Folder Found : C:\Users\NUME\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\NUME\AppData\LocalLow\Conduit
Folder Found : C:\Users\NUME\AppData\Roaming\Babylon
Folder Found : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\prefs.js

Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1350766978,\"uuid\":873139184534310,\"seq_id\":1,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3220468.UserID", "UN37894788427673530");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3220468.cbcountry_001", "RO");
Found : user_pref("CT3220468.cbfirsttime", "Sun Oct 21 2012 00:02:57 GMT+0300 (GTB Daylight Time)");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.installId", "fftD8C2.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.keyword", true);
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "0");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350766975650");
Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1350767217204");
Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350766977046");
Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350766977420");
Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350766976723");
Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1350766974927");
Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1350766973769");
Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350766976105");
Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1350767217177");
Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1350766975741");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.homepage", true);
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.startPage", "TRUE");
Found : user_pref("CT3220468.toolbarBornServerTime", "21-10-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "21-10-2012");
Found : user_pref("CT3220468.toolbarDisabled", "true");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.0.0.2");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\NUME\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9715 octets] - [01/05/2013 16:51:58]

########## EOF - C:\AdwCleaner[R1].txt - [9775 octets] ##########

__

Quote

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 16:52:24
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : NUME
# Boot Mode : Normal
# Running from : C:\Users\NUME\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\NUME\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\NUME\AppData\Local\Babylon
Folder Deleted : C:\Users\NUME\AppData\Local\Conduit
Folder Deleted : C:\Users\NUME\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\NUME\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\NUME\AppData\Roaming\Babylon
Folder Deleted : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\prefs.js

Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1350766978,\"uuid\":873139184534310,\"seq_id\":1,\"ss[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3220468.UserID", "UN37894788427673530");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3220468.cbcountry_001", "RO");
Deleted : user_pref("CT3220468.cbfirsttime", "Sun Oct 21 2012 00:02:57 GMT+0300 (GTB Daylight Time)");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fftD8C2.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.keyword", true);
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350766975650");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1350767217204");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350766977046");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350766977420");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350766976723");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1350766974927");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1350766973769");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350766976105");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1350767217177");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1350766975741");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.homepage", true);
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.startPage", "TRUE");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "21-10-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "21-10-2012");
Deleted : user_pref("CT3220468.toolbarDisabled", "true");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.0.0.2");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\NUME\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9844 octets] - [01/05/2013 16:51:58]
AdwCleaner[S1].txt - [10010 octets] - [01/05/2013 16:52:24]

########## EOF - C:\AdwCleaner[S1].txt - [10071 octets] ##########

#12
MhG_51
Posted 01 May 2013 - 18:17

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
Descarca: ComboFix si salveaza-l pe Desktop.
Apoi asigura-te ca ai inchis toate programele care ruleaza (Yahoo Messenger, Mozila Firefox, etc) si ruleaza ComboFix.
Te va intreba daca sa inceapa sa curete sistemul. Confirma cu Yes de fiecare data.
Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora.
La sfarsit va afisa rezultatele scanarii.
Salveaza acel fisier si posteaza continutul AICI.

#13
Corupt
Posted 01 May 2013 - 19:31

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010
Inchid si antivirusul si firewallul ?

#14
MhG_51
Posted 01 May 2013 - 19:39

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
Da, se pot dezactiva provizoriu!

#15
Corupt
Posted 01 May 2013 - 19:56

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010

Quote

ComboFix 13-05-01.03 - Barna 01.05.2013  20:40:58.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.40.1033.18.1789.1084 [GMT 3:00]
Running from: c:\users\NUME\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-01 to 2013-05-01  )))))))))))))))))))))))))))))))
.
.
2013-05-01 17:46 . 2013-05-01 17:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-01 13:53 . 2013-05-01 13:53    115    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-04-30 21:34 . 2013-04-30 21:34    --------    d-----w-    c:\programdata\ATI
2013-04-30 21:34 . 2013-04-30 21:34    --------    d-----w-    c:\program files\AMD AVT
2013-04-29 15:58 . 2013-04-29 15:58    --------    d-----w-    c:\users\Barna\AppData\Roaming\OpenVPN Technologies
2013-04-29 15:58 . 2013-04-29 15:58    --------    d-----w-    c:\users\NUME\AppData\Local\OpenVPN Technologies
2013-04-29 15:55 . 2013-04-29 15:55    --------    d-----w-    c:\program files\OpenVPN Technologies
2013-04-29 14:21 . 2013-04-29 14:21    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-03 11:58 . 2013-04-03 11:58    --------    d-----w-    c:\users\NUME\AppData\Local\Wondershare
2013-04-03 11:58 . 2013-04-03 11:58    --------    d-----w-    c:\program files\Common Files\Wondershare
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-29 14:19 . 2012-10-05 17:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 14:19 . 2012-10-05 17:32    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-31 17:09 . 2013-03-31 17:09    33624    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-02-07 20:51 . 2013-02-07 20:51    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-07 20:51 . 2012-10-25 19:00    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-07 20:51 . 2012-10-25 19:00    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-29 14:21 . 2013-03-15 16:00    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk
backup=c:\windows\pss\OpenVPN Client.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 06:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2012-10-25 18:33    270336    ----a-w-    c:\program files\A4Tech\Mouse\Amoumain.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-24 11:14    1642448    ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 14:19]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-14 14:32]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-14 14:32]
.
2013-05-01 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-10-25 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00619A4C-B77D-40C9-9DAC-AD7B38577142}: NameServer = 194.24.235.1,8.8.8.8
TCP: Interfaces\{4BD95D65-1ADB-4604-B10E-49F323C4B6A7}\27F62696: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4BD95D65-1ADB-4604-B10E-49F323C4B6A7}\C696E6B6379737: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\NUME\AppData\Roaming\Mozilla\Firefox\Profiles\rmniu5yq.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - google.ro
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4476)
c:\windows\system32\guard32.dll
c:\windows\System32\SyncCenter.dll
.
Completion time: 2013-05-01  20:48:08
ComboFix-quarantined-files.txt  2013-05-01 17:48
.
Pre-Run: 59.359.346.688 bytes free
Post-Run: 59.260.981.248 bytes free
.
- - End Of File - - FA2F9010A801ABAED169D469B81E391E

Desi le-am dezactivat, se pare ca la firewall inca apare in raport ca si activat.

#16
MhG_51
Posted 02 May 2013 - 05:04

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
Buna.
AVG Internet Security 2013 are incorporat "Firewall", asa ca exista o incompatibilitate.
Dezinstaleaza AVG Internet Security(foloseate AVG Remover),
monitorizeaza calculatorul doua trei zile si vezi cum se comporta.
Te rog sa spui ce s-a intamplat pe parcursul testului.

#17
Corupt
Posted 02 May 2013 - 11:32

Corupt

    Parazit nebun

  • Grup: Senior Members
  • Posts: 7,312
  • Înscris: 03.02.2010

 MhG_40, on 02 mai 2013 - 05:04, said:

Buna.
AVG Internet Security 2013 are incorporat "Firewall", asa ca exista o incompatibilitate.
In mod normal are, dar l-am debifat la instalare deoarece stiam ca o sa folosesc in schimb Comodo.
Attached File  Untitled.png   29.47K   7 downloads

 MhG_40, on 02 mai 2013 - 05:04, said:

Dezinstaleaza AVG Internet Security(foloseate AVG Remover),
monitorizeaza calculatorul doua trei zile si vezi cum se comporta.
Te rog sa spui ce s-a intamplat pe parcursul testului.
O sa incep testul in vreo trei-patru zile. In perioada aceasta trebuie sa lucrez la niste prezentari si primesc tot felul de fisiere de la colegi si nu as vrea sa imi faca unul vreo surpriza. :D

Revin cu un raspuns dupa ce fac si etapa asta.

Multumesc pt ajutor.

#18
MhG_51
Posted 02 May 2013 - 18:11

MhG_51

    :)

  • Grup: Moderators
  • Posts: 3,325
  • Înscris: 04.05.2009
Buna.
Daca ai timp, posteaza te rog, log-ul(Reports).
C:\ProgramData\AVG13\Log

Anunturi

Second Opinion Second Opinion

Folosind serviciul second opinion ne puteți trimite RMN-uri, CT -uri, angiografii, fișiere .pdf, documente medicale.

Astfel vă vom putea da o opinie neurochirurgicală, fără ca aceasta să poată înlocui un consult de specialitate. Răspunsurile vor fi date prin e-mail în cel mai scurt timp posibil (de obicei în mai putin de 24 de ore, dar nu mai mult de 48 de ore). Second opinion – Neurohope este un serviciu gratuit.

www.neurohope.ro
Back to Devirusare & raportare virusi/malware

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Forumul Softpedia
  2. Soft Related / OS
  3. Antivirus & Security
  4. Devirusare & raportare virusi/malware
Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate