|
|
#1
21 Gennaio 2008, 20:16
| |||
| |||
 Grave Problema Adware Ho un problema serio. Ive ha ottenuto un qualche tipo di adware sul mio computer. Quando Im surf, o hanno appena aperto il mio browser, verrà visualizzato un popup ogni 2-3 minuti. Ive provato utilizzando AVG Anti-Virus, AVG Anti-Spyware, CounterSpy, e Bazooka Scanner. Hanno trovato tonnellate di tutte le cose, io mi sono liberata di tutti i capi, i scansionate di nuovo, tutto scomparso. Fatta eccezione per un bel po 'TrackingCookies, ma che non dovrebbe contribuire al problema adware. Questi sono suppost di essere i migliori programmi per elaboratore. Eventuali suggerimenti per quello che ho bisogno di usare o che cosa devo fare? |
|
#2
21 Gennaio 2008, 20:34
| |||
| |||
| Grave Problema Adware Diamo un'occhiata più da vicino. Scarica e rinominare HijackThis (HJT)
__________________  |
|
#3
21 Gennaio 2008, 20:50
| |||
| |||
| Grave Problema Adware Logfile di Trend Micro HijackThis v2.0.2 Scan salvato a 10:50:07 PM, il 1/21/2008 Piattaforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ SOUNDMAN.EXE C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ SlySoft \ CloneCD \ CloneCDTray.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ DAEMON Tools \ daemon.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ TRENDnet \ TRENDnet TEW-421PC_TEW-423PI \ WlanCU.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll (file mancanti) O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [CloneCDTray] "C: \ Program Files \ SlySoft \ CloneCD \ CloneCDTray.exe" / s O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizzate O4 - HKLM \ .. \ Run: [LXCFCATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCFtim e.dll, _RunDLLEntry @ 16 O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Program Files \ DAEMON Tools \ daemon.exe"-lang 1033 O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" tranquilla O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user') O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C: \ Program Files \ TRENDnet \ TRENDnet TEW-421PC_TEW-423PI \ WlanCU.exe O9 - Extra pulsante: Yahoo! Servizi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra pulsante: ShopperReports - Confrontare i prezzi dei prodotti - (C5428486-50A0-4a02-9D20-520B59A9F9B2) - C: \ Program Files \ ShoppingReport \ Bin \ 2.0.26 \ ShoppingReport.dll (file mancanti) O9 - Extra pulsante: ShopperReports - Confrontare i tassi di viaggio - (C5428486-50A0-4a02-9D20-520B59A9F9B3) - C: \ Program Files \ ShoppingReport \ Bin \ 2.0.26 \ ShoppingReport.dll (file mancanti) O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab Ø16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll Ø16 - DPF: (39B0684F-D7BF-4743-B050-FDC3F48F7E3B) -- http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab Ø16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invito) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab Ø16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab Ø16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab Ø16 - DPF: (67A5F8DC-1A4B-4D66-9F24-A704AD929EEE) (System Requirements Lab) -- http://www.systemrequirementslab.com/sysreqlab2.cab Ø16 - DPF: (9BDF4724-10AA-43D5-BD15-AEA0D2287303) (MSN Games - Texas Holdem Poker) -- http://zone.msn.com/bingame/zpagames...e.cab60231.cab Ø16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab Ø16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati Hotkey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown proprietario - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe -- Fine del file - 7993 bytes |
|
#4
21 Gennaio 2008, 20:59
| |||
| |||
| Grave Problema Adware Che non ha rivelato molto, abbiamo bisogno di fare un po più approfondita scansioni. A pochi vuoto voci di fissare con HJT reale veloce. Apri HijackThis e selezionare Non solo un sistema di scansione. Mettere un segno di spunta accanto alle seguenti voci: O9 - Extra pulsante: ShopperReports - Confrontare i prezzi dei prodotti - (C5428486-50A0-4a02-9D20-520B59A9F9B2) - C: \ Program Files \ ShoppingReport \ Bin \ 2.0.26 \ ShoppingReport.dll (file mancanti) O9 - Extra pulsante: ShopperReports - Confrontare i tassi di viaggio - (C5428486-50A0-4a02-9D20-520B59A9F9B3) - C: \ Program Files \ ShoppingReport \ Bin \ 2.0.26 \ ShoppingReport.dll (file mancanti) Chiudere tutte le finestre, ad eccezione di HijackThis e fare clic su Fix controllati. Uscita HijackThis. --------- Scaricare CCleaner
Scaricare SUPERAntiSpyware Free Edition (SAS)
Next post aggiungi SUPERAntiSpyware Accedi
__________________ |
|
#5
21 Gennaio 2008, 22:20
| |||
| |||
| Grave Problema Adware ok i got it finalmente fare, ma .... popup ancora qui, anyways heres il log: SUPERAntiSpyware Scan Entra http://www.superantispyware.com Generata 01/22/2008 alle 00:10 AM Applicazione Versione: 3/9/1008 Core Regole Database Version: 3385 Trace Regole Database Version: 1379 Tipo di scansione: Scansione completa Totale Scan Time: 00:48:33 Memoria oggetti scanditi: 556 Memoria minacce rilevate: 0 Registro di oggetti scanditi: 4213 Registro di minacce rilevate: 0 File oggetti scanditi: 39567 File minacce rilevate: 8 Adware.Tracking Cookie C: \ Documents and Settings \ Richard \ Cookies \ richard@login.revenueloop [2]. Txt C: \ Documents and Settings \ Richard \ Cookies \ richard@publishers.clickb ooth [2]. Txt C: \ Documents and Settings \ Richard \ Cookies \ @ richard doppio [1]. Txt C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.pointroll [1]. Txt C: \ Documents and Settings \ Richard \ Cookies \ richard @ bluestreak [1]. Txt C: \ Documents and Settings \ Richard \ Cookies \ richard @ tribalfusion [2]. Txt C: \ Documents and Settings \ Richard \ Cookies \ richard @ atdmt [2]. Txt RootKit.TnCore / Trace C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk |
|
#6
21 Gennaio 2008, 22:23
| |||
| |||
| Grave Problema Adware La scansione avrà circa da 5 a 10 minuti. Si prega di scaricare da SUBS Combofix da uno dei link qui sotto. (Prova a tutti e tre, se necessario)IMPORTANTE - Combofix.exe VA essere salvati sul vostro Desktop.
La scansione sarà disattivare temporaneamente il tuo desktop. Se interrotto può lasciare il computer bloccato. Se ciò si verifica, si prega di riavviare per ripristinare il desktop. Next post Combofix log
__________________ |
|
#7
21 Gennaio 2008, 22:48
| |||
| |||
| Grave Problema Adware ok fatto. ma Ive ancora ha ottenuto popup :-( Heres il log: ComboFix 08-01-21.3 - Richard 2008-01-22 0:30:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.628 [GMT -5:00] Running da: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe * Creato un nuovo punto di ripristino AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED! . Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ temp \ tn3 C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk. . . . non eliminare . ((((((((((((((((((((((((( I file creati dal 2007/12/22 al 2008/01/22 ))))))))))) )))))))))))))))))))) . 2008-01-22 00:36. 2008-01-22 00:36 167.545 --------- C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk 2008-01-22 00:34. 2008-01-22 00:34 <DIR> d -------- C: \ Temp \ tn3 2008-01-22 00:29. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ Nircmd.exe 2008-01-21 23:10. 2008-01-21 23:10 <DIR> d -------- C: \ Program Files \ CCleaner 2008-01-21 22:47. 2008-01-21 22:47 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-01-21 22:21. 2008-01-22 00:16 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware 2008-01-21 02:10. 2008-01-21 02:10 <DIR> d -------- C: \ Program Files \ Lavasoft 2008-01-21 02:09. 2008-01-21 22:20 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-01-20 22:04. 2008-01-20 22:04 <DIR> d -------- C: \ Program Files \ Bazooka Scanner 2008-01-20 17:41. 2007-05-30 07:10 10.872 - a ------ C: \ WINDOWS \ system32 \ drivers \ AvgAsCln.sys 2008-01-20 16:39. 2008-01-20 16:39 86.144 - a ------ C: \ WINDOWS \ system32 \ drivers \ ALCXWDMM.sys 2008-01-12 16:25. 2008-01-12 16:25 <DIR> d -------- C: \ Program Files \ Electronic Arts 2008-01-12 15:11. 2005-06-24 16:24 438.272-ra ------ C: \ WINDOWS \ system32 \ vp6vfw.dll 2008-01-12 15:11. 2004-12-10 09:06 327.680 - un ------ C: \ WINDOWS \ system32 \ vp6dec.ax 2008-01-12 15:06. 2008-01-12 15:20 <DIR> d - h ----- C: \ WINDOWS \ msdownld.tmp 2008-01-10 19:21. 2008-01-10 19:21 <DIR> d -------- C: \ Program Files \ uTorrent 2008-01-10 19:01. 2008-01-10 19:21 <DIR> d -------- C: \ Program Files \ megamaps 2008-01-08 22:43. 2008-01-10 19:30 <DIR> d -------- C: \ Program Files \ Guitar Pro 5 2008-01-06 05:19. 2008-01-06 05:19 <DIR> d -------- C: \ Program Files \ Software Power Tab 2008-01-03 22:31. 2008-01-03 22:31 <DIR> d -------- C: \ AeriaGames 2008-01-03 21:30. 2008-01-12 21:55 <DIR> d -------- C: \ UnrealTournament 2007-12-25 14:25. 2007-12-28 16:53 90 - a ------ C: \ WINDOWS \ RCAMPEG4VC.ini 2007-12-25 14:18. 2006-09-13 14:52 561.152 - un ------ C: \ WINDOWS \ system32 \ xvidcore.dll 2007-12-25 14:18. 2006-09-13 15:01 237.568 - un ------ C: \ WINDOWS \ system32 \ xvidvfw.dll 2007-12-25 14:18. 2005-12-30 15:34 2.864 - un ------ C: \ WINDOWS \ system32 \ xvid.inf 2007-12-25 14:17. 2007-12-25 14:17 <DIR> d -------- C: \ Program Files \ RCA . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-01-20 20:59 --------- d - h - w C: \ Program Files \ InstallShield Installation Information 2008-01-17 00:48 --------- d ----- w C: \ Program Files \ Yahoo! 2008-01-16 01:15 --------- d ----- w C: \ Program Files \ Lx_cats 2008-01-11 00:21 --------- d ----- w C: \ Program Files \ Xfire 2008-01-11 00:21 --------- d ----- w C: \ Program Files \ LimeWire 2007-12-22 10:47 --------- d ----- w C: \ Program Files \ DriftCity 2007-12-20 07:35 --------- d ----- w C: \ Program Files \ Sierra On-Line 2007-12-18 08:02 --------- d ----- w C: \ Program Files \ NHN Stati Uniti d'America 2007-12-17 21:17 --------- d ----- w C: \ Program Files \ Bethesda Softworks 2007-12-05 04:14 --------- d ----- w C: \ Program Files \ SlySoft 2007-12-03 03:06 --------- d ----- w C: \ Program Files \ TGTSoft 2007-11-25 18:18 --------- d ----- w C: \ Program Files \ Common Files \ Sonic Shared 2007-11-22 05:03 --------- d ----- w C: \ Program Files \ Cliprex DVD Player Professional . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 07:00 15360] "DAEMON Tools" = "C: \ Program Files \ DAEMON Tools \ daemon.exe" [2007-08-29 10:09 171464] "Yahoo! Pager" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 17:43 4670704] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SoundMan" = "SOUNDMAN.EXE" [2006-11-16 16:42 577536 C: \ WINDOWS \ SOUNDMAN.EXE] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2005-08-12 13:43 45056] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2007-09-26 13:42 267064] "CloneCDTray" = "C: \ Program Files \ SlySoft \ CloneCD \ CloneCDTray.exe" [2006-09-28 14:21 57344] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-20 17:18 579072] "! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" [2007-06-11 04:25 6731312] "LXCFCATS" = "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCFtime.dll" [2005-07-20 12:47 73728] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-20 17:18 219136] C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup \ Utilità di configurazione wireless HW.15.lnk - C: \ Program Files \ TRENDnet \ TRENDnet TEW-421PC_TEW-423PI \ WlanCU.exe [2007-01-30 13:57:42 577536] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ System] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "UIHost" = "LogonUI.EXE" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ Avvio veloce di Sonic CinePlayer Launch.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Sonic CinePlayer Quick Launch.lnk backup = C: \ WINDOWS \ pss \ Sonic CinePlayer Launch.lnkCommon di avvio rapido [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igndlm.exe] C: \ Program Files \ Download Manager \ DLM.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS] --------- 2004-10-13 11:24 1694208 C: \ Program Files \ Messenger \ msmsgs.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task] - un ------ 2007-06-29 05:24 286720 C: \ Program Files \ QuickTime \ qttask.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SBCSTray] C: \ Program Files \ Sunbelt Software \ CounterSpy \ SBCSTray.exe R0 videX32; videX32; C: \ WINDOWS \ system32 \ drivers \ videX3 2.sys [2006-10-17 07:22] R0 xfilt; VIA SATA IDE Hot-plug Driver; C: \ WINDOWS \ system32 \ drivers \ xfilt.sys [2006-10-18 04:39] R1 ALCXWDMM; ALCXWDMM; C: \ WINDOWS \ system32 \ drivers \ ALCX WDMM.sys [2008-01-20 16:39] R1 Cinemsup; Cinemsup; C: \ WINDOWS \ system32 \ drivers \ cine msup.sys [2002-07-19 09:10] R3 odysseyIM3; Odyssey Network Services Miniport; C: \ WINDOWS \ system32 \ drivers \ odysseyIM3.sy s [2007-08-17 20:35] S3 rtl8180; Realtek RTL8180 Wireless LAN (Mini-) PCI NIC Driver NT; C: \ WINDOWS \ system32 \ drivers \ RTL8180.SYS [2003-12-30 12:20] S3 SetupNTGLM7X; SetupNTGLM7X; D: \ NTGLM7X.sys [] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (5ed3c7c1-4bdf-11dc-8daa-806d6172696f)] \ Shell \ AutoRun \ command - D: \ autorun.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ (2352721C-2267-DB51-0008-030706070804)] C: \ WINDOWS \ system32 \ vsc32.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-22 00:37:48 5/1/2600 Windows Service Pack 2 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . Completamento orario: 2008-01-22 0:42:14 - macchina è stato riavviato ComboFix-quarantena-files.txt 2008-01-22 05:42:10 . 2008-01-11 00:38:07 --- EOF --- |
|
#8
21 Gennaio 2008, 22:57
| |||
| |||
| Grave Problema Adware Ora il download La Avenger Con Swandog46, E salvarlo sul desktop.
Codice: Per eliminare le cartelle: C: \ Temp \ tn3 file da eliminare: C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk per eliminare le chiavi del Registro di sistema: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ (2352721C-2267 - DB51-0008-030706070804)
Next post Accedi Avenger
__________________ |
|
#9
21 Gennaio 2008, 23:09
| |||
| |||
| Grave Problema Adware ok qui e andare, ancora popup btw. Il file di log di Avenger versione 1, da Swandog46 Running da chiave di registro: \ Registry \ Machine \ System \ CurrentControlSet \ Service s \ hptxmheu ******************* File di script situato presso: wqwsrviw Impossibile aprire il file di script! Errore Impossibile aprire il file di script! Status: 0xc000003b Abort! |
|
#10
21 Gennaio 2008, 23:16
| |||
| |||
| Grave Problema Adware oops i miei cattivi è rifatto, cuz i didnt log guardare a destra, e apparentemente i didnt fare qualcosa di giusto la prima volta, heres il nuovo registro. oh e ci sono ancora i popup. Il file di log di Avenger versione 1, da Swandog46 Running da chiave di registro: \ Registry \ Machine \ System \ CurrentControlSet \ Service s \ mkawvjax ******************* File di script situato a: \? \ C: \ WINDOWS \ system32 \ ygueewld.txt File di script aperto con successo. File di script leggere correttamente Backups directory aperto con successo in C: \ Avenger ******************* A partire dal processo di file di script: Cartella C: \ Temp \ tn3 eliminato con successo. File C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk eliminato con successo. Chiave di registro HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ (2352721C-2267-DB51-0008-030706070804) eliminato con successo. Completato lo script di trasformazione. ******************* Finito! Termina. |
 |
 |
| Segnalibri |
Threads simili | ||||
| Filo | Thread Starter | Forum | Risposte | Ultimo Post |
| Hai bisogno di aiuto Rimozione di Adware | ezong | Virus, Spyware e sicurezza | 8 | 15 lug 2009 13:15 |
| Tribalfusion è presente alcun tipo di adware | hopthwoks | Virus, Spyware e sicurezza | 2 | 2 Feb 2009 01:37 |
| AdWare problemi | Marcus123 | Virus, Spyware e sicurezza | 3 | 30 gen 2008 11:11 |
| Adware problemi non possono fermare i popup | Passat | Virus, Spyware e sicurezza | 8 | 23 gen 2008 21:42 |
| Nid aiuto! ~ Non è possibile rimuovere questo adware / virus! | jomm43point67 | Virus, Spyware e sicurezza | 10 | 16 gen 2008 08:38 |
| Thread Tools | |
| |
