AVG Resident Shield Alert seznam skoz daljši
Pozdravljeni,
ker sem dobil info, da je tukaj kar nekaj računalniških strokovnjakov,
pišem kratek s.o.s, ker zdaj enostavno ne vem več naprej.
Čudež, da sem sploh prišel nazaj v Windowse,
kajti stvar ki sem jo staknil mi je še celo preprečila varni zagon že pri driverjih
in se resetira.
Ko mi AVGjev resident shield alert sporoča Threat v System32\gasfkeyqpinfmd.dll
in probram označit grožnje za odstranit, mi komp zmrzne.
Isto se zgodi ko zaženem Malwarebytes ali AVG. Scan se začne, a ne pride do konca.
Kaj sploh lahko naredim, da ne bo treba celega sistema na novo naložit?
Verjamem da so moje informacije zelo površne, a pač nisem strokovnjak
in upam da ne bom izpadel idiot.
Za vsako info bom zelo zelo hvaležen!!!
p.s.:tukaj za vsak slučaj še hi-jack log. Če se komu da pomagat,
prosim, prosim, prosim !!!
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Laboratory\Applications\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Laboratory\Applications\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Laboratory\Applications\AVG8\avgcsrvx.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 – Hosts: ::1 localhost
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Laboratory\Applications\AVG8\avgssie.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Adobe PDF Conversion Toolbar Helper – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 – HKLM\..\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 – HKLM\..\Run: [Skytel] Skytel.exe
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 – HKLM\..\Run: [AVG8_TRAY] C:\LABORA~1\APPLIC~1\AVG8\avgtray.exe
O4 – HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”
O4 – HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKLM\..\Run: [Memeo AutoBackup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe –silent
O4 – HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe –silent
O4 – HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 – HKCU\..\Run: [DAEMON Tools Pro Agent] “C:\Laboratory\Applications\DAEMON Tools Pro\DTProAgent.exe”
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 – Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 – Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 – Extra context menu item: Append to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert link target to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert link target to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert selected links to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert selected links to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Convert selection to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert selection to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: I&zvozi v Microsoft Excel – res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 – Gopher Prefix:
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Laboratory\Applications\AVG8\avgpp.dll
O20 – AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 – Service: AVG8 E-mail Scanner (avg8emc) – AVG Technologies CZ, s.r.o. – C:\LABORA~1\APPLIC~1\AVG8\avgemc.exe
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\LABORA~1\APPLIC~1\AVG8\avgwdsvc.exe
O23 – Service: AVG8 Firewall (avgfws8) – AVG Technologies CZ, s.r.o. – C:\LABORA~1\APPLIC~1\AVG8\avgfws8.exe
O23 – Service: Firebird Server – MAGIX Instance (FirebirdServerMAGIXInstance) – MAGIX® – C:\Program Files\Foto Storitve Hofer\Common\Database\bin\fbserver.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: GoogleDesktopManager – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 – Service: GoogleDesktopManager – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: MemeoBackgroundService – Memeo – C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 – Service: X10 Device Network Service (x10nets) – X10 – C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Na tem hijack logu ni videti kakšnih hudih problemov, sicer pa Running processes prilepi sem http://www.hijackthis.de/en in klikni analyze in tam kjer so vprašaji odstrani proces na fix checked.
Drugače pa, moje sožalje.
Živjo Martin,
hvala za ves trud in pregled log-a.
Še ta novička, da je bil virus zares prefinjen (hidden tracker).
Dejansko se je včeraj postopoma vse sesulo, tako da ni bilo druge,
kot pa windowse na novo naložiti.
Ravno ko je uspelo AVG-ju le priti skoz scan,
(našel 2 skrita driverja in jih ni hotel zbrisat)
in ko sem se spravil ročno na driverje,
je kompu bilo enostavno too much in fertig.
A ja, še to. Po nekaj urah truda da bi kaj popravil, hočem
naložit windowse, mi je pa še dvd-drive šel v maloro, hehe.
Dobro, zdaj se smejim, ni bilo luštno in bom v bodoče sigurno
bolj pozoren pri klikanju 🙂
Hvala še 1x in uživaj
lp sven
Forum je zaprt za komentiranje.