AVG antivirus reports potentially unwanted tool tool.ax, and the details show svchost.exe?


asdffdsa32, 23.10.2008 at 12:49:
Logfile of HijackThis v1.99.1
Scan saved at 13:45:30, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\cmd.exe
R:\DF31d\BIN\DFRUNCON.EXE
C:\Documents and Settings\User3\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: CONNX JDBC SERVER (CommandLine).lnk = C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1224254143796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C92EA9-858F-44A4-A8DC-769798B4B526}: NameServer = 212.56.128.132,212.56.128.196
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 
magna86, 23.10.2008 at 13:53:
1. Temporarily disable the antivirus program, like this:
Right-click the AVG icon in the lower-right corner of the screen.
When AVG Control Center starts, double-click the AVG Resident Shield component.
In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

2. Download ComboFix from this link to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Do not click the mouse and do not touch the keyboard while the script is running! In other words, let it do its job.
Follow the on-screen instructions.
When it finishes, a log will appear.
Location: C:\ComboFix.txt
- post the CF log
- as well as a fresh HjT log

 
asdffdsa32, 24.10.2008 at 12:00:
OK, in the meantime I replaced AVG with NOD32, and here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:19, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
R:\DF31d\BIN\DFRUNCON.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User3\My Documents\marthy\My marthy\firefox.exe
C:\Documents and Settings\User3\My Documents\marthy\utorrent.exe
C:\Documents and Settings\User3\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: CONNX JDBC SERVER (CommandLine).lnk = C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1224254143796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C92EA9-858F-44A4-A8DC-769798B4B526}: NameServer = 212.56.128.132,212.56.128.196
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

And here is the ComboFix log as well:


ComboFix 08-10-23.08 - User3 2008-10-24 12:52:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1231 [GMT 2:00]
Running from: C:\Documents and Settings\User3\Desktop\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
Error: Cfiles.dat

((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-23 13:59 . 2008-10-23 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 13:59 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-10-23 13:57 . 2008-10-23 13:57 <DIR> d-------- C:\Program Files\ESET
2008-10-23 13:57 . 2008-10-23 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-22 11:55 . 2008-10-22 11:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-22 11:55 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-22 11:50 . 2008-10-22 12:28 <DIR> d-------- C:\Program Files\Microsoft Games
2008-10-22 11:11 . 2008-10-22 11:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-21 16:47 . 2008-10-23 20:52 <DIR> d-------- C:\NLA
2008-10-21 16:36 . 2008-10-23 20:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-21 16:32 . 2008-10-21 16:32 <DIR> d-------- C:\Documents and Settings\User3\Application Data\Nero
2008-10-21 16:30 . 2008-10-21 16:30 <DIR> d-------- C:\Program Files\Nero
2008-10-21 16:30 . 2008-10-21 16:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-21 16:30 . 2008-10-21 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-21 09:30 . 2008-10-21 09:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-21 09:27 . 2008-10-24 12:51 <DIR> d-------- C:\Documents and Settings\User3\Application Data\uTorrent
2008-10-18 16:10 . 2008-10-18 16:10 488 --a------ C:\hpfr3420.xml
2008-10-17 17:24 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-17 16:57 . 2008-10-03 19:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-17 16:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-17 16:57 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-17 16:57 . 2008-08-26 09:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-17 16:57 . 2008-08-26 09:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-17 16:57 . 2008-08-26 09:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-17 16:57 . 2008-08-26 09:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-17 16:57 . 2008-08-26 09:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-17 16:57 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-17 16:50 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 16:50 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 16:50 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 16:50 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 16:50 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 16:49 . 2008-09-15 14:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-17 16:46 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-17 16:45 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-17 16:44 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-17 16:44 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-17 16:38 . 2008-10-18 18:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-17 16:36 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-17 16:36 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-17 16:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-17 16:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-17 16:36 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-17 16:35 . 2008-10-17 16:35 <DIR> d--hs---- C:\Documents and Settings\User3\UserData
2008-10-17 16:29 . 2008-10-17 16:29 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-17 16:28 . 2008-10-17 16:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-17 16:25 . 2008-10-17 16:25 <DIR> d-------- C:\Program Files\Google
2008-10-17 16:24 . 2008-10-17 17:02 <DIR> d-------- C:\Program Files\NOS
2008-10-17 16:24 . 2008-10-17 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-17 15:48 . 2008-10-17 15:56 <DIR> d-------- C:\connx32
2008-10-17 15:44 . 2008-10-17 15:44 <DIR> d-------- C:\WINDOWS\Sun
2008-10-17 15:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-17 15:43 . 2008-10-17 15:44 <DIR> d-------- C:\Program Files\Java
2008-10-17 15:40 . 2008-10-17 15:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 15:38 . 2008-10-17 15:57 <DIR> d-------- C:\cyberPOST2
2008-10-17 15:28 . 2008-04-13 22:05 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-17 15:28 . 2008-04-13 22:05 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-10-17 15:01 . 2008-10-17 15:01 <DIR> d-------- C:\Documents and Settings\User3\Application Data\Hewlett-Packard
2008-10-17 15:00 . 2004-10-08 03:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-10-17 14:57 . 2003-03-09 22:31 233,528 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2008-10-17 14:57 . 2003-03-09 22:31 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2008-10-17 14:57 . 2003-03-09 22:31 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2008-10-17 14:57 . 2003-03-09 22:31 65,795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2008-10-17 14:57 . 2003-03-09 22:31 61,699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2008-10-17 14:57 . 2003-03-09 22:31 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2008-10-17 14:57 . 2003-03-09 22:31 51,024 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-17 14:57 . 2003-03-09 22:31 21,456 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-17 14:57 . 2003-03-09 22:31 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-17 14:56 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-17 14:56 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-17 14:50 . 2008-10-17 14:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-17 14:48 . 2008-10-17 15:00 20,475 --a------ C:\WINDOWS\hpoins01.dat
2008-10-17 14:48 . 2003-04-06 06:33 16,622 --------- C:\WINDOWS\hpomdl01.dat
2008-10-17 14:37 . 2008-10-17 14:37 <DIR> d-------- C:\WINLABEL
2008-10-17 14:37 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-17 14:37 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-17 14:34 . 2008-10-17 14:34 <DIR> d-------- C:\Program Files\AvantGo Connect
2008-10-17 14:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-17 14:33 . 2008-10-17 14:34 2,510 --a------ C:\WINDOWS\Microsoft.MIF
2008-10-17 14:22 . 2008-10-17 14:22 <DIR> d-------- C:\Program Files\AVG
2008-10-17 13:58 . 2008-10-17 13:58 <DIR> d--h----- C:\Program Files\Zenographics
2008-10-17 13:58 . 2008-10-17 15:00 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-17 13:58 . 2005-03-18 13:18 574,100 -ra------ C:\WINDOWS\system32\hp1022n.img
2008-10-17 13:58 . 2005-03-18 13:18 397,312 -ra------ C:\WINDOWS\system32\zshp1020.exe
2008-10-17 13:58 . 2005-03-18 13:18 206,768 -ra------ C:\WINDOWS\system32\hp1022.img
2008-10-17 13:58 . 2005-03-18 13:18 143,360 -ra------ C:\WINDOWS\apptune1020.exe
2008-10-17 13:58 . 2005-03-18 13:18 128,612 -ra------ C:\WINDOWS\system32\hp1020.img
2008-10-17 13:58 . 2005-03-18 13:18 106,496 -ra------ C:\WINDOWS\system32\vshp1020.dll
2008-10-17 13:58 . 2005-03-18 13:18 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
2008-10-17 13:58 . 2005-03-18 13:18 86,016 -ra------ C:\WINDOWS\system32\ZLhp1020.dll
2008-10-17 13:58 . 2005-03-18 13:18 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
2008-10-17 13:58 . 2005-03-18 13:18 28,672 -ra------ C:\WINDOWS\system32\IMF32.DLL
2008-10-17 13:58 . 2005-03-18 13:18 24,576 -ra------ C:\WINDOWS\system32\ZTAG32.DLL
2008-10-17 13:58 . 2005-03-18 13:18 7,294 -ra------ C:\WINDOWS\system32\ZSHP1020.HLP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-17 13:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 12:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-06 10:32 --------- d-----w C:\Program Files\Common Files\L&H
2008-10-06 10:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-06 10:29 --------- d-----w C:\Program Files\Microsoft Works
2008-10-06 10:21 --------- d-----w C:\Program Files\VIA
2008-10-06 10:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-12-20 7151616]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CONNX JDBC SERVER (CommandLine).lnk - C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE [2008-10-17 335934]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\connx32\\CONNXJDBC\\BIN\\CNXJDBC.EXE"=
"C:\\Documents and Settings\\User3\\My Documents\\marthy\\utorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [2007-12-12 212992]
S2 CONNXJDBC;CONNX JDBC Server Service;C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe-imbed [ ]
S3 USB_RNDIS_51;USB Remote Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1224248447.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User3\Application Data\Mozilla\Firefox\Profiles\hsczatik.default\
FF -: plugin - C:\Documents and Settings\User3\My Documents\marthy\My marthy\plugins\npnul32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 12:54:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-24 12:55:01
ComboFix-quarantined-files.txt 2008-10-24 10:54:58

Pre-Run: 77,769,949,184 bytes free
Post-Run: 78,783,905,792 bytes free

188 --- E O F --- 2008-10-22 18:41:46
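
Added example, not part of the original thread: a small Python parser that compares two HijackThis logs like the ones posted above and reports which entries appeared, which disappeared, and which are marked "(file missing)". The sample lines are excerpted from the two logs in this thread; the function names and the result layout are illustrative assumptions.

```python
import re

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpt of the 23/10/2008 log from this thread (AVG still installed).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
"""

# Excerpt of the 24/10/2008 log from this thread (AVG replaced with NOD32).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


def parse_hjt(log_text):
    """Return the entry lines of a HijackThis log as dicts.

    Header lines and the 'Running processes' list do not carry a section
    code, so they are skipped. The '(file missing)' suffix is split off
    into a flag so the same registration compares equal across scans.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2).strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append({"code": m.group(1), "body": body, "missing": missing})
    return entries


def diff_logs(before_text, after_text):
    """Compare two scans of the same machine, keyed on (code, body)."""
    before = {(e["code"], e["body"].lower()): e for e in parse_hjt(before_text)}
    after = {(e["code"], e["body"].lower()): e for e in parse_hjt(after_text)}
    return {
        # Present only in the later scan: new autostarts, services, BHOs.
        "added": [e for k, e in after.items() if k not in before],
        # Present only in the earlier scan: registrations that were removed.
        "removed": [e for k, e in before.items() if k not in after],
        # Registration survived but its file is gone since the earlier scan.
        "newly_missing": [e for k, e in after.items()
                          if k in before and e["missing"] and not before[k]["missing"]],
        # Already orphaned in the earlier scan and still orphaned.
        "still_missing": [e for k, e in after.items()
                          if k in before and e["missing"] and before[k]["missing"]],
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for bucket, items in result.items():
        print(bucket)
        for e in items:
            print("  %s - %s" % (e["code"], e["body"]))
```

On these excerpts the only newly orphaned entry is the AVG browser helper object, whose DLL path sits under the AVG folder of the product that was replaced between the two scans.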
 
icobh (Igor Pejašinović), 24.10.2008 at 12:26:
Quote:
asdffdsa32: OK, in the meantime I replaced AVG with NOD32

Well, you sure did yourself a favor, congratulations. The free AVG is better than NOD, not to mention the Pro version!

Anyway, I suggest you open RegEdit, search all keys for tool.ax, and wherever you find it, delete that key. Next, find that tool.ax, which judging by the extension is some kind of junk posing as an audio codec (you probably picked it up through WMP), and delete it from the computer. Don't use the standard Windows Search for this, because you won't find it; instead you can use, for example, the program in the attachment.

Good luck!
I ♥ ♀

asdffdsa32, 24.10.2008 at 14:27:
I did as you told me. I deleted that tool.ax from the registry. I ran a virus scan and it found nothing. Here is the latest HijackThis log. I hope everything is OK now. Thanks a lot.


Logfile of HijackThis v1.99.1
Scan saved at 15:24:29, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
R:\DF31d\BIN\DFRUNCON.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User3\My Documents\marthy\utorrent.exe
C:\WINDOWS\system32\cmd.exe
R:\DF31d\BIN\DFRUNCON.EXE
C:\Documents and Settings\User3\My Documents\marthy\My marthy\firefox.exe
C:\Documents and Settings\User3\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: CONNX JDBC SERVER (CommandLine).lnk = C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1224254143796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C92EA9-858F-44A4-A8DC-769798B4B526}: NameServer = 212.56.128.132,212.56.128.196
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

icobh
Igor Pejašinović
Network Admin
Navigo SC d.o.o.
Banja Luka

Member no.: 18738
Posts: 1319
*.inecco.net.

Site: www.nsc.ba

Re: AVG antivirus reports potentially unwanted tool tool.ax, and the details show svchost.exe? 24.10.2008 at 14:39 - 173 months ago
OK. I'd still suggest you go back to AVG. It is a bit better than NOD after all...
I ♥ ♀

This post is worth its weight in gold!
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: AVG antivirus reports potentially unwanted tool tool.ax, and the details show svchost.exe? 24.10.2008 at 20:21 - 173 months ago
Sorry I'm late...
I have a question for you:
Do you have a blue five-pointed star next to the clock?
I'm wondering... maybe that is what's bothering you.

1.
Download the notepad file I attached
Turn off your AV again for a short while
Just drag the notepad file onto ComboFix
Let CF do its job
Restart the computer

2. Run HjT and fix this line

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


*Post a fresh HjT log




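The "(file missing)" check behind step 2 above, as an added example that is not part of the original thread: a small Python parser for HijackThis result lines that lists every entry marked (file missing) and separates leftover references from entries whose file is still referenced elsewhere in the same log. The function names and the orphan/verify labels are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code path missing")

LINE_RE = re.compile(r"^([ROF]\d+) - (.*)$")   # HijackThis result lines
# First file path in the entry; stops at the extension, so trailing
# arguments or a stray quote after it are not part of the path.
PATH_RE = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"<>|]*?\.(?:exe|dll|ax))', re.I)

def parse_hjt(log_text):
    """Return one Entry per R*/O*/F* line; headers and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        p = PATH_RE.search(detail)
        entries.append(Entry(code, p.group(1).lower() if p else None,
                             detail.endswith("(file missing)")))
    return entries

def triage_missing(entries):
    """Label each '(file missing)' entry as 'orphan' or 'verify'.

    'verify': another entry references the same file without the marker, so
    the file appears to be present; check it on disk instead of fixing it.
    'orphan': nothing else in the log resolves the file (leftover reference).
    """
    present = {e.path for e in entries if e.path and not e.missing}
    return [(e.code, e.path, "verify" if e.path in present else "orphan")
            for e in entries if e.missing]

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - Global Startup: CONNX JDBC SERVER (CommandLine).lnk = C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for code, path, verdict in triage_missing(parse_hjt(SAMPLE)):
        print(f"{code:4} {verdict:7} {path}")
```

On these lines the O20 dimsntfy entry and the AVG BHO come out as orphans, while the CONNX service comes out as verify, because the startup shortcut in the same log still resolves CNXJDBC.EXE.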

asdffdsa32
Operator, Telekom Srbija

Member no.: 168122
Posts: 24
*.i02-6.onvol.net.

Re: AVG antivirus reports potentially unwanted tool tool.ax, and the details show svchost.exe? 25.10.2008 at 11:26 - 173 months ago
Hey, thanks for the reply. I looked at what you put in the attachment, and it's this connx32 blah blah, and I'm not allowed to touch that because it's something here at work... something of theirs. Anyway, once I installed NOD32 and scanned the computer, it found this tool.ax and I deleted it. Then I searched for it in the registry and deleted it there, and now I have no more problems... at least I think I don't :)
 