
Firewall and AVG 8.0


beza

Member number: 87049
Posts: 41
*.adsl.net.t-com.hr.

Firewall and AVG 8.0, 28.12.2008 at 08:24
I have AVG 8.0 installed. When Windows starts, the firewall will not turn on, so I cannot establish an internet connection through the Zyxel. I have to uninstall AVG and restart the computer a couple of times in order to connect to the internet. Afterwards, when I reinstall AVG, everything is OK until the next time the computer is shut down.
Does anyone have any idea what to do?

kristi1

Member number: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Firewall and AVG 8.0, 28.12.2008 at 08:43
I didn't quite understand what you meant about the firewall. Did you have some other AV before you installed AVG?

beza


Re: Firewall and AVG 8.0, 28.12.2008 at 08:51
AVG 7, and there were no problems at all. I don't know why the firewall does not turn on when Windows starts. When I try to turn it on manually, it doesn't work.

kristi1


Re: Firewall and AVG 8.0, 28.12.2008 at 09:03
Let's run a check.

Download the HiJackThis program from the following link:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Put it in a separate folder on the Desktop.
Rename the folder to GT3 and the program to GT3.exe

* Run HijackThis
* Choose the option "Do a system scan and save the logfile"
* At the end of the scan the program will produce a text log.
* Copy that log here (copy / paste)

beza


Re: Firewall and AVG 8.0, 28.12.2008 at 09:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:11, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\WIN\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\Explorer.EXE
C:\WIN\system32\wscntfy.exe
C:\WIN\System32\drivers\logman.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WIN\system32\G-VGA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/Smart.../ResultsMasterHomeLeftPane.htm
R3 - URLSearchHook: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\jo\APPLIC~1\mstsc.exe
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System32\drivers\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1218489719000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WIN\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7284 bytes
 

beza


Re: Firewall and AVG 8.0, 28.12.2008 at 09:42
With AVG!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:27, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\WIN\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\Explorer.EXE
C:\WIN\System32\drivers\logman.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WIN\system32\G-VGA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\WIN\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/Smart.../ResultsMasterHomeLeftPane.htm
R3 - URLSearchHook: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\jo\APPLIC~1\mstsc.exe
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System32\drivers\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1218489719000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WIN\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8164 bytes
 

kristi1


Re: Firewall and AVG 8.0, 28.12.2008 at 09:49
Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

note: If you already have ComboFix on the computer, delete it and download the newer version from the links given, so that it is up to date.


Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions.
Do not touch the mouse and do not touch the keyboard while the script is running!
When it finishes, a log will appear (C:\ComboFix.txt)

* post the ComboFix logfile
* post a fresh HijackThis log

edit:

I was looking at that first log; just to add that you should turn off the AV before running ComboFix.

[This message was edited by kristi1 on 28.12.2008 at 11:47 GMT+1]

beza


Re: Firewall and AVG 8.0, 28.12.2008 at 11:31
ComboFix 08-12-26.03 - jo 2008-12-28 12:27:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.267 [GMT 1:00]
Running from: c:\documents and settings\jo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gogo\Application Data\Hotbar_Icons
c:\documents and settings\gogo\Application Data\Hotbar_Icons\Fix-PC-Registry-Errors.ico
c:\documents and settings\gogo\Application Data\Hotbar_Icons\games2.ico
c:\documents and settings\gogo\Application Data\ShoppingReport
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\gogo\Application Data\WeatherDPA
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\Default
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\Genera1
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\General
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Links
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Error
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen3
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Goran\Start Menu\programs\plug&play.lnk
c:\documents and settings\jo\Application Data\comrepl.exe
c:\documents and settings\jo\Application Data\dllhst3g.exe
c:\documents and settings\jo\Application Data\ShoppingReport
c:\documents and settings\jo\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\jo\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\jo\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\jo\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\TEMP\Application Data\m
c:\documents and settings\TEMP\Favorites\plug&play.lnk
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui.dat
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui.exe
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui_nav.dat
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui_navps.dat
c:\program files\FunWebProducts
c:\program files\INSTALL.LOG
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-28 12:22 . 2008-12-28 12:22 <DIR> d-------- c:\documents and settings\All Users.WIN\Application Data\Avg8
2008-12-25 11:22 . 2008-12-25 20:14 <DIR> d-------- c:\documents and settings\jo\Application Data\BSplayer PRO
2008-12-23 18:15 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\rsvp.exe
2008-12-23 16:43 . 2008-12-23 16:43 <DIR> d-------- c:\program files\GNU
2008-12-21 21:06 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\esentutl.exe
2008-12-19 19:49 . 2008-12-19 19:49 107,888 --a------ c:\win\system32\CmdLineExt.dll
2008-12-19 19:29 . 2008-12-19 19:29 <DIR> d-------- c:\program files\EA Sports
2008-12-19 19:29 . 2007-10-12 14:14 3,734,536 --a------ c:\win\system32\d3dx9_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 3,727,720 --a------ c:\win\system32\d3dx9_35.dll
2008-12-19 19:29 . 2007-10-12 14:14 1,374,232 --a------ c:\win\system32\D3DCompiler_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 1,358,192 --a------ c:\win\system32\D3DCompiler_35.dll
2008-12-19 19:29 . 2007-10-02 08:56 444,776 --a------ c:\win\system32\d3dx10_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 444,776 --a------ c:\win\system32\d3dx10_35.dll
2008-12-19 19:29 . 2007-10-22 02:39 267,272 --a------ c:\win\system32\xactengine2_10.dll
2008-12-19 19:29 . 2007-07-19 23:57 267,112 --a------ c:\win\system32\xactengine2_9.dll
2008-12-15 07:27 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\spoolsv.exe
2008-12-14 13:29 . 2008-12-14 13:29 <DIR> d-------- c:\program files\Relja
2008-12-13 19:32 . 2008-12-28 12:22 <DIR> d-------- c:\documents and settings\Administrator
2008-12-10 06:01 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\sessmgr.exe
2008-12-10 05:56 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\cmstp.exe
2008-12-09 22:29 . 2008-12-09 22:29 118 --a------ c:\win\system32\MRT.INI
2008-12-09 22:10 . 2008-12-18 17:05 <DIR> d--h----- c:\win\$hf_mig$
2008-12-04 19:11 . 2008-12-04 19:11 <DIR> d--h----- c:\win\system32\GroupPolicy
2008-12-03 21:38 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\mstsc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:28 --------- d-----w c:\program files\eMule
2008-12-14 15:44 --------- d-----w c:\program files\KD
2008-12-05 21:47 --------- d-----w c:\documents and settings\jo\Application Data\GRETECH
2008-12-01 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 16:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 16:23 --------- d-----w c:\program files\IMSI
2008-11-23 12:12 --------- d-----w c:\documents and settings\jo\Application Data\eTeks
2008-11-20 17:43 --------- d-----w c:\program files\GRETECH
2008-11-20 17:43 --------- d-----w c:\program files\CoreAAC
2008-11-20 17:33 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\GRETECH
2008-11-17 19:27 --------- d-----w c:\program files\RadarSyncBar2
2008-11-09 16:17 --------- d-----w c:\documents and settings\gogo\Application Data\AdobeUM
2008-10-28 19:44 --------- d-----w c:\documents and settings\jo\Application Data\BitTorrent
2008-10-28 19:35 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\WLInstaller
2008-10-23 12:36 286,720 ----a-w c:\win\system32\gdi32.dll
2008-10-18 16:37 81,920 ----a-w c:\win\cisvc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\mstsc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\cisvc.exe
2008-10-16 20:38 826,368 ----a-w c:\win\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\win\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\win\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\win\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\win\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\win\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\win\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\win\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\win\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\win\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\win\system32\muweb.dll
2008-10-05 11:14 81,920 ----a-w c:\documents and settings\jo\Application Data\ezpinst.exe
2008-10-05 11:14 47,360 ----a-w c:\documents and settings\jo\Application Data\pcouffin.sys
2008-10-05 11:08 499,712 ----a-w c:\win\system32\msvcp71.dll
2008-10-05 11:08 348,160 ----a-w c:\win\system32\msvcr71.dll
2008-10-03 10:02 247,326 ----a-w c:\win\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\win\system32\msxml4.dll
2008-01-20 12:15 22,328 ----a-w c:\documents and settings\Goran\Application Data\PnkBstrK.sys
2007-10-31 21:10 2,293,712 ----a-w c:\program files\FLV PlayerFCSetup.exe
2007-10-31 21:09 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-10-31 21:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-09-10 17:41 81,920 ----a-w c:\documents and settings\Goran\Application Data\ezpinst.exe
2007-09-10 17:41 47,360 ----a-w c:\documents and settings\Goran\Application Data\pcouffin.sys
2007-04-19 16:15 75,576 ----a-w c:\documents and settings\Goran\Application Data\GDIPFONTCACHEV1.DAT
2006-07-28 08:30 88,102 ----a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 ----a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 ----a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 ----a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 ----a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 ----a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 ----a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 ----a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 ----a-w c:\program files\DSETUP.dll
2006-05-31 05:39 181,745 ----a-w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 ----a-w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 ----a-w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 ----a-w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 ----a-w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 ----a-w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 ----a-w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 ----a-w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 ----a-w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 ----a-w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-03 08:00 179,247 ----a-w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 ----a-w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 ----a-w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 ----a-w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 ----a-w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 ----a-w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 ----a-w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 ----a-w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-07-22 18:14 1,351,430 ----a-w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 ----a-w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 ----a-w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 ----a-w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 ----a-w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 ----a-w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 ----a-w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 ----a-w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 ----a-w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 ----a-w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 ----a-w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 ----a-w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 ----a-w c:\program files\BDANT.cab
2004-05-30 17:09 1,568 ----a-w c:\documents and settings\Goran\Application Data\mpauth.dat
2003-08-17 19:07 10,457 ----a-w c:\program files\readme.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
2008-11-17 20:27 1784856 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 68856]
"MAXadsl - Provjera prometa"="c:\program files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2008-03-15 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"ATIPTA"="c:\win\atiptaxx.exe" [2003-06-05 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\win\system32\NeroCheck.exe" [2001-07-09 155648]
"VGAUtil"="c:\win\system32\G-VGA.exe" [2003-01-06 540672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\win\System32\drivers\logman.exe" [2008-10-18 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\docume~1\jo\APPLIC~1\MICROS~1\esentutl.exe" [2008-10-18 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="c:\win\cisvc.exe" [2008-10-18 81920]

c:\documents and settings\gogo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\jo\LOCALS~1\Temp\sessmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WIN\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WIN\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WIN\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Sports\\UEFA EURO 2008\\EURO08.exe"=

R1 eusk2par;EUTRON SmartKey Parallel Driver;\??\c:\win\system32\Drivers\eusk2par.sys [2008-10-31 24786]
S1 Asapi;Asapi;c:\win\system32\drivers\Asapi.sys [2008-09-24 11264]
S3 eusk3usb;SmartKey 3 USB;c:\win\system32\Drivers\eusk3usb.sys [2008-11-03 45534]
S3 GemCCID;GemCCID;c:\win\system32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\win\system32\drivers\nmwcdnsu.sys [2008-09-16 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\win\system32\drivers\nmwcdnsuc.sys [2008-09-16 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50f3a235-67c6-11dd-a720-806d6172696f}]
\Shell\AutoRun\command - e:\bin\Assetup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {58888CAB-936C-42EA-B676-5F607B22B514} = 192.168.1.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 12:29:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\win\system32\Ati2evxx.dll
.
Completion time: 2008-12-28 12:30:05
ComboFix-quarantined-files.txt 2008-12-28 11:29:57

Pre-Run: 1.040.879.616 bytes free
Post-Run: 1,218,252,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(3c373c36)disk(0)rdisk(0)partition(1)\WIN
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(3c373c36)disk(0)rdisk(0)partition(1)\WIN="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /safeboot:network

277 --- E O F --- 2008-12-18 16:05:33
 
Stefan 93

Member no.: 178220
Posts: 364
*.dynamic.sbb.rs.

Re: Firewall and AVG 8.0, 28.12.2008 at 12:29 - 186 months ago
You're panicking for no reason, his computer is completely fine, I had the same problem. This happens when he takes a version that isn't free and enters a bad license. After the computer restarts they see that it's a bad license and start shutting down various things so that you have to uninstall it.
 
kristi1

Member no.: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Firewall and AVG 8.0, 28.12.2008 at 13:49 - 186 months ago
Open Notepad (Start/Run >> type notepad /OK)
and copy the text below (copy/paste):

Code:
File::
c:\program files\RadarSyncBar2\tbRad1.dll
c:\docume~1\jo\APPLIC~1\MICROS~1\esentutl.exe
c:\win\System32\drivers\logman.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"=-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"=-


Save it as CFScript and move it to the Desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
That will start ComboFix automatically; the system may restart (that is normal).
When it finishes, a log will appear (C:\ComboFix.txt).
Post the ComboFix log as well as a fresh HijackThis log.
 
beza

Member no.: 87049
Posts: 41
*.adsl.net.t-com.hr.

Re: Firewall and AVG 8.0, 28.12.2008 at 14:31 - 186 months ago
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:01, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\WIN\system32\spoolsv.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WIN\system32\G-VGA.exe
C:\DOCUME~1\jo\APPLIC~1\MICROS~1\comrepl.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WIN\system32\wuauclt.exe
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\jo\APPLIC~1\MICROS~1\comrepl.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System32\drivers\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WIN\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1218489719000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WIN\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7461 bytes
 
beza

Member no.: 87049
Posts: 41
*.adsl.net.t-com.hr.

Re: Firewall and AVG 8.0, 28.12.2008 at 14:32 - 186 months ago
ComboFix 08-12-26.03 - jo 2008-12-28 15:12:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.249 [GMT 1:00]
Running from: c:\documents and settings\jo\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-28 12:44 . 2008-12-28 12:44 90,632 --a------ c:\win\system32\drivers\avgtdix.sys
2008-12-28 12:44 . 2008-12-28 12:44 12,936 --a------ c:\win\system32\drivers\avgrkx86.sys
2008-12-28 12:44 . 2008-12-28 12:44 10,520 --a------ c:\win\system32\avgrsstx.dll
2008-12-28 12:43 . 2008-12-28 12:46 <DIR> d-------- c:\win\system32\drivers\Avg
2008-12-28 12:43 . 2008-12-28 12:46 <DIR> d-------- c:\documents and settings\jo\Application Data\AVGTOOLBAR
2008-12-28 12:43 . 2008-12-28 12:43 98,440 --a------ c:\win\system32\drivers\avgldx86.sys
2008-12-28 12:22 . 2008-12-28 15:08 <DIR> d-------- c:\documents and settings\All Users.WIN\Application Data\Avg8
2008-12-25 11:22 . 2008-12-25 20:14 <DIR> d-------- c:\documents and settings\jo\Application Data\BSplayer PRO
2008-12-23 18:15 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\rsvp.exe
2008-12-23 16:43 . 2008-12-23 16:43 <DIR> d-------- c:\program files\GNU
2008-12-21 21:06 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\esentutl.exe
2008-12-19 19:49 . 2008-12-19 19:49 107,888 --a------ c:\win\system32\CmdLineExt.dll
2008-12-19 19:29 . 2008-12-19 19:29 <DIR> d-------- c:\program files\EA Sports
2008-12-19 19:29 . 2007-10-12 14:14 3,734,536 --a------ c:\win\system32\d3dx9_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 3,727,720 --a------ c:\win\system32\d3dx9_35.dll
2008-12-19 19:29 . 2007-10-12 14:14 1,374,232 --a------ c:\win\system32\D3DCompiler_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 1,358,192 --a------ c:\win\system32\D3DCompiler_35.dll
2008-12-19 19:29 . 2007-10-02 08:56 444,776 --a------ c:\win\system32\d3dx10_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 444,776 --a------ c:\win\system32\d3dx10_35.dll
2008-12-19 19:29 . 2007-10-22 02:39 267,272 --a------ c:\win\system32\xactengine2_10.dll
2008-12-19 19:29 . 2007-07-19 23:57 267,112 --a------ c:\win\system32\xactengine2_9.dll
2008-12-15 07:27 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\spoolsv.exe
2008-12-14 13:29 . 2008-12-14 13:29 <DIR> d-------- c:\program files\Relja
2008-12-13 19:32 . 2008-12-28 12:44 <DIR> d-------- c:\documents and settings\Administrator
2008-12-10 06:01 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\sessmgr.exe
2008-12-10 05:56 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\cmstp.exe
2008-12-09 22:29 . 2008-12-09 22:29 118 --a------ c:\win\system32\MRT.INI
2008-12-09 22:10 . 2008-12-18 17:05 <DIR> d--h----- c:\win\$hf_mig$
2008-12-04 19:11 . 2008-12-04 19:11 <DIR> d--h----- c:\win\system32\GroupPolicy
2008-12-03 21:38 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\mstsc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:28 --------- d-----w c:\program files\eMule
2008-12-14 15:44 --------- d-----w c:\program files\KD
2008-12-05 21:47 --------- d-----w c:\documents and settings\jo\Application Data\GRETECH
2008-12-01 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 16:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 16:23 --------- d-----w c:\program files\IMSI
2008-11-23 12:12 --------- d-----w c:\documents and settings\jo\Application Data\eTeks
2008-11-20 17:43 --------- d-----w c:\program files\GRETECH
2008-11-20 17:43 --------- d-----w c:\program files\CoreAAC
2008-11-20 17:33 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\GRETECH
2008-11-17 19:27 --------- d-----w c:\program files\RadarSyncBar2
2008-11-09 16:17 --------- d-----w c:\documents and settings\gogo\Application Data\AdobeUM
2008-10-28 19:44 --------- d-----w c:\documents and settings\jo\Application Data\BitTorrent
2008-10-28 19:35 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\WLInstaller
2008-10-23 12:36 286,720 ----a-w c:\win\system32\gdi32.dll
2008-10-18 16:37 81,920 ----a-w c:\win\cisvc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\mstsc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\cisvc.exe
2008-10-16 20:38 826,368 ----a-w c:\win\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\win\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\win\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\win\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\win\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\win\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\win\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\win\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\win\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\win\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\win\system32\muweb.dll
2008-10-05 11:14 81,920 ----a-w c:\documents and settings\jo\Application Data\ezpinst.exe
2008-10-05 11:14 47,360 ----a-w c:\documents and settings\jo\Application Data\pcouffin.sys
2008-10-05 11:08 499,712 ----a-w c:\win\system32\msvcp71.dll
2008-10-05 11:08 348,160 ----a-w c:\win\system32\msvcr71.dll
2008-10-03 10:02 247,326 ----a-w c:\win\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\win\system32\msxml4.dll
2008-01-20 12:15 22,328 ----a-w c:\documents and settings\Goran\Application Data\PnkBstrK.sys
2007-10-31 21:10 2,293,712 ----a-w c:\program files\FLV PlayerFCSetup.exe
2007-10-31 21:09 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-10-31 21:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-09-10 17:41 81,920 ----a-w c:\documents and settings\Goran\Application Data\ezpinst.exe
2007-09-10 17:41 47,360 ----a-w c:\documents and settings\Goran\Application Data\pcouffin.sys
2007-04-19 16:15 75,576 ----a-w c:\documents and settings\Goran\Application Data\GDIPFONTCACHEV1.DAT
2006-07-28 08:30 88,102 ----a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 ----a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 ----a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 ----a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 ----a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 ----a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 ----a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 ----a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 ----a-w c:\program files\DSETUP.dll
2006-05-31 05:39 181,745 ----a-w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 ----a-w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 ----a-w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 ----a-w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 ----a-w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 ----a-w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 ----a-w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 ----a-w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 ----a-w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 ----a-w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-03 08:00 179,247 ----a-w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 ----a-w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 ----a-w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 ----a-w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 ----a-w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 ----a-w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 ----a-w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 ----a-w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-07-22 18:14 1,351,430 ----a-w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 ----a-w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 ----a-w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 ----a-w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 ----a-w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 ----a-w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 ----a-w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 ----a-w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 ----a-w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 ----a-w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 ----a-w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 ----a-w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 ----a-w c:\program files\BDANT.cab
2004-05-30 17:09 1,568 ----a-w c:\documents and settings\Goran\Application Data\mpauth.dat
2003-08-17 19:07 10,457 ----a-w c:\program files\readme.txt
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_12.29.32,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-28 11:43:53 26,824 ----a-w c:\win\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
2008-11-17 20:27 1784856 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]

[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 68856]
"MAXadsl - Provjera prometa"="c:\program files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2008-03-15 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"ATIPTA"="c:\win\atiptaxx.exe" [2003-06-05 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\win\system32\NeroCheck.exe" [2001-07-09 155648]
"VGAUtil"="c:\win\system32\G-VGA.exe" [2003-01-06 540672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-28 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\win\System32\drivers\logman.exe" [2008-10-18 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\docume~1\jo\APPLIC~1\MICROS~1\esentutl.exe" [2008-10-18 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="c:\win\cisvc.exe" [2008-10-18 81920]

c:\documents and settings\gogo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\jo\LOCALS~1\APPLIC~1\dllhst3g.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WIN\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WIN\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WIN\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Sports\\UEFA EURO 2008\\EURO08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\win\system32\Drivers\avgrkx86.sys [2008-12-28 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\win\system32\Drivers\avgldx86.sys [2008-12-28 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\win\system32\Drivers\avgtdix.sys [2008-12-28 90632]
R1 eusk2par;EUTRON SmartKey Parallel Driver;\??\c:\win\system32\Drivers\eusk2par.sys [2008-10-31 24786]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-28 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
S1 Asapi;Asapi;c:\win\system32\drivers\Asapi.sys [2008-09-24 11264]
S3 eusk3usb;SmartKey 3 USB;c:\win\system32\Drivers\eusk3usb.sys [2008-11-03 45534]
S3 GemCCID;GemCCID;c:\win\system32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\win\system32\drivers\nmwcdnsu.sys [2008-09-16 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\win\system32\drivers\nmwcdnsuc.sys [2008-09-16 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50f3a235-67c6-11dd-a720-806d6172696f}]
\Shell\AutoRun\command - e:\bin\Assetup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {58888CAB-936C-42EA-B676-5F607B22B514} = 192.168.1.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 15:15:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\win\system32\Ati2evxx.dll
.
Completion time: 2008-12-28 15:17:48
ComboFix-quarantined-files.txt 2008-12-28 14:17:45
ComboFix2.txt 2008-12-28 11:30:06

Pre-Run: 1,073,983,488 bytes free
Post-Run: 1,062,150,144 bytes free

234 --- E O F --- 2008-12-18 16:05:33
 
kristi1

Member no.: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Firewall and AVG 8.0, 28.12.2008 at 14:54 - 186 months ago
Click Start\ Run\ type Combofix /u
Wait for the uninstall to finish.

Download http://www.malwarebytes.org/mbam.php
Start the program and let it update at the beginning.
Leave it on Quick Scan, click Scan.
When it finishes, click Show Results and then Remove.
Post the log it produces.
 
beza

Member no.: 87049
Posts: 41
*.adsl.net.t-com.hr.

Re: Firewall and AVG 8.0, 28.12.2008 at 18:55 - 186 months ago
Malwarebytes' Anti-Malware 1.31
Verzija baze podataka: 1562
Windows 5.1.2600 Service Pack 3

28.12.2008 19:56:14
mbam-log-2008-12-28 (19-56-14).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 70111
Proteklo vreme: 3 minute(s), 11 second(s)

Inficirani procesi u memoriji: 1
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 2
Inficirane vrednosti u registru: 2
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 5

Inficirani procesi u memoriji:
C:\WIN\system32\drivers\logman.exe (Trojan.Agent) -> Unloaded process successfully.

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\WIN\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WIN\system32\drivers\logman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jo\Application Data\Microsoft\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jo\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\jo\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
 
Reply to topic

kelicmilos
Dragan kelic
armamont
Sombor

Member no.: 177807
Posts: 52
*.dynamic.sbb.rs.



Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 05:25 (186 months ago)
I completely agree with Stefan93. I also had the same problems, exactly the same. Just remove it from the computer and that's it, install something else!
 
Reply to topic

kristi1

Member no.: 151211
Posts: 2012
*.ptt.yu.

Site: www.mycity.rs/Ambulanta


+88 Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 09:46 (186 months ago)
OK, mbam cleaned up. You didn't do something right with the cfscript, which is why I gave you mbam. Now tell me what the situation is, and it wouldn't hurt to post a new HJT log.
 
Reply to topic

beza

Member no.: 87049
Posts: 41
*.adsl.net.t-com.hr.



Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 12:06 (186 months ago)
Same thing again. I uninstalled AVG 8.0. Now everything works OK.
But after I uninstalled AVG 8.0, the firewall again did not turn on when the computer started.
So in the System Configuration Utility, under Services, I disabled the firewall, restarted, then enabled the firewall again, restarted, and only then did it turn on normally at Windows startup (without AVG 8.0, of course).
 
Reply to topic

beza

Member no.: 87049
Posts: 41
*.adsl.net.t-com.hr.



Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 12:08 (186 months ago)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:31, on 29.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\WIN\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WIN\system32\Ati2evxx.exe
C:\WIN\Explorer.EXE
C:\WIN\system32\wscntfy.exe
C:\WIN\System\logman.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WIN\system32\G-VGA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\jo\APPLIC~1\MICROS~1\comrepl.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: RadarSyncBar2 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1218489719000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WIN\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6288 bytes
 
Reply to topic

Stefan 93

Member no.: 178220
Posts: 364
*.dynamic.sbb.rs.



Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 12:09 (186 months ago)
You're wasting your time for nothing!!! You're just making it hard on yourselves. This is a completely normal thing: either AVG can't find these infections, or he picked them up just now while running without protection. The computer was completely fine! I guarantee it. Now everyone will give you various programs to scan with and wipe out normal entries via Combo Fix, and in the end you'll get nothing, because there was never anything there!!!
P.S. For HijackThis logs, use the sites from the TOP topic! They're completely accurate! Why does nobody read the TOP topics?!
 
Reply to topic

kristi1

Member no.: 151211
Posts: 2012
*.ptt.yu.

Site: www.mycity.rs/Ambulanta


+88 Profile

Re: Firewall and AVG 8.0, 29.12.2008 at 12:50 (186 months ago)
Stefan, he didn't pick up the trojans just now; here's a trojan from the first HJT log. And what's causing the problem doesn't matter at this point when the guy has an infected computer. Maybe that isn't the cause, but we're trying to clean the machine.

Code:
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System32\drivers\logman.exe /waitservice


It's unbelievable that it keeps coming back; it may be because of the Java program. Uninstall Java as follows:

Download the JavaRa program here
- Click Remove older versions
- When that finishes and produces a log file, click Search for updates, then choose the bottom option and click Search
- That will take you to the site from which you should download and install the latest version of Java

After that, run Malwarebytes again and post the log so I can see what it deleted.
 
Reply to topic
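
Added example (not part of any post in this thread): a small Python triage of O4 autostart lines like those in the HijackThis logs above. It flags entries launched from a Policies\Explorer\Run key and executables that carry a Windows system binary's name but sit outside system32, the pattern kristi1 points to with the Logman entry. The name list and the C:\WIN default are assumptions made for this example.

```python
import re
from ntpath import basename, dirname, normcase

# O4 lines taken from the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System32\drivers\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
"""

# Assumption for this example: a short list of executables that ship in
# %SystemRoot%\system32 on Windows XP. Extend it for real triage.
SYSTEM32_NAMES = {"logman.exe", "esentutl.exe", "cisvc.exe",
                  "spoolsv.exe", "rsvp.exe", "ctfmon.exe"}

O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable path: either a quoted string or everything up to the first ".exe".
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)', re.IGNORECASE)


def triage_o4(log_text, system_root=r"C:\WIN"):
    """Return (value name, executable path, reasons) for O4 entries worth a manual look."""
    expected_dir = normcase(system_root + r"\system32")
    findings = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue  # not a registry autostart line (e.g. "O4 - Startup: ...")
        exe = EXE_PATH.match(entry["cmd"])
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        reasons = []
        if normcase(entry["key"]).endswith(r"policies\explorer\run"):
            reasons.append("policies-run-key")
        if basename(path).lower() in SYSTEM32_NAMES and normcase(dirname(path)) != expected_dir:
            reasons.append("system-name-outside-system32")
        if reasons:
            findings.append((entry["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_o4(SAMPLE_LOG):
        print(f"{name:10} {path}  <- {', '.join(reasons)}")
```

The findings are leads for manual review; the scanner log is what confirms whether a flagged file is malicious.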
