#1
I have a serious problem. I've got some adware on my computer. When I'm surfing, or even just have my browser open, a popup window will pop up every 2-3 minutes. I've tried using AVG Anti-Virus, AVG Anti-Spyware, CounterSpy and Bazooka Scanner. They all found things; I got rid of them all, scanned again, and everything was gone. Except for quite a few tracking cookies, but that shouldn't contribute to the adware problem. These are supposed to be the best programs. Anyone have suggestions on what I need to use or what I should do?
#2
Let's take a closer look. Download and rename HijackThis (HJT)
#3
```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:07, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Daemon Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Daemon Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games - Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games - Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games - Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

--
End of file - 7993 bytes
```
#4
That didn't reveal much; we'll need to run some more thorough scans. A few empty entries to fix with HJT real quick. Open HijackThis and choose Do a system scan only. Place a checkmark next to the following entries:

```text
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
```

Close all windows except HijackThis and click Fix checked. Exit HijackThis.

---------

Download CCleaner

Download SUPERAntiSpyware Free Edition (SAS)

Next post, please attach the SUPERAntiSpyware log
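The helper's triage above works in a fixed order: orphaned "(file missing)" entries are cleared first because nothing on disk backs them, and only then are the remaining entries examined more closely. The following Python script is an added example written for this page, not code from the thread and not part of HijackThis; it parses HJT-style lines and flags orphaned entries, O16 ActiveX downloads from hosts outside a constructed allowlist, autostarts that run from temp or user-profile folders, and services that report no vendor. The sample log mixes entries from the log posted above with one hypothetical O4 line (the `Example` item), and `ALLOWED_DPF_HOSTS` and `SUSPECT_DIRS` are assumptions chosen for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log earlier in this
# thread, plus one hypothetical O4 line (the "Example" item, not from the page)
# that starts a program from a temp folder so the location rule has a hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Example] C:\Temp\example_hypothetical.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games - Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Hosts this example treats as reviewed sources of ActiveX (O16) downloads.
# A constructed allowlist for the demo, not a vendor recommendation.
ALLOWED_DPF_HOSTS = {"zone.msn.com", "cdn2.zone.msn.com"}

# Autostart locations a legitimate installer rarely uses; compared
# case-insensitively against the entry's file path (assumed list).
SUSPECT_DIRS = ("\\temp\\", "\\documents and settings\\", "\\local settings\\",
                "\\application data\\", "\\recycler\\")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll|sys|ocx)", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")


def parse_entry(line):
    """Split one HJT line into section code, file path and download URL (if any)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines such as "Logfile of ..." carry no entry
    rest = m.group("rest")
    path = PATH_RE.search(rest)
    url = URL_RE.search(rest)
    return {
        "code": m.group("code"),
        "text": rest,
        "path": path.group(0) if path else None,
        "url": url.group(0) if url else None,
        "file_missing": rest.endswith("(file missing)"),
    }


def triage(log_text, allowed_hosts=ALLOWED_DPF_HOSTS):
    """Return (code, reason, entry text) for each entry that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["file_missing"]:
            # Nothing on disk backs the entry, so it cannot run; fixing it in
            # HJT only removes a dangling reference, as with the two O9 lines.
            findings.append((e["code"], "orphaned entry (file missing)", e["text"]))
            continue
        if e["code"] == "O16" and e["url"]:
            host = urlparse(e["url"]).hostname or ""
            if host not in allowed_hosts:
                findings.append((e["code"], f"ActiveX download from unreviewed host {host}", e["text"]))
        if e["path"] and any(d in e["path"].lower() for d in SUSPECT_DIRS):
            findings.append((e["code"], "autostart from temp/profile location", e["text"]))
        if e["code"] == "O23" and "Unknown owner" in e["text"]:
            findings.append((e["code"], "service without vendor string; verify the binary", e["text"]))
    return findings


if __name__ == "__main__":
    for code, reason, text in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<50} {text[:70]}")
```

The rules are deliberately conservative: an orphaned entry is reported once and not re-examined, an O16 line is only reported when its download host is not on the allowlist, and a service is reported on the absence of a vendor string rather than on its name, so the output is a review list, not a verdict.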
#5
OK, I finally got it to do it, but.... the popups are still here. Anyways, here's the log:

```text
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2008 at 00:10

Application Version : 3.9.1008

Core Rules Database Version : 3385
Trace Rules Database Version: 1379

Scan type       : Complete Scan
Total Scan Time : 00:48:33

Memory items scanned      : 556
Memory threats detected   : 0
Registry items scanned    : 4213
Registry threats detected : 0
File items scanned        : 39567
File threats detected     : 8

Adware.Tracking Cookie
	C:\Documents and Settings\Richard\Cookies\richard@login.revenueloop[2].txt
	C:\Documents and Settings\Richard\Cookies\richard@publishers.clickbooth[2].txt
	C:\Documents and Settings\Richard\Cookies\richard@doubleclick[1].txt
	C:\Documents and Settings\Richard\Cookies\richard@ads.pointroll[1].txt
	C:\Documents and Settings\Richard\Cookies\richard@bluestreak[1].txt
	C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[2].txt
	C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt

RootKit.TnCore/Trace
	C:\WINDOWS\system32\drivers\core.cache.dsk
```
#6
This scan will take approximately 5 to 10 minutes. Please download ComboFix by sUBs from one of the links. (Try all three if necessary)

IMPORTANT - ComboFix.exe must be saved to your Desktop.

The scan will temporarily disable your desktop. If interrupted it may leave your computer frozen. If that happens, please reboot to restore the desktop.

Next post ComboFix log
#7
OK, did that, but I've still got popups :-( Here's the log:

```text
ComboFix 08-01-21.3 - Richard 2008-01-22 0:30:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.628 [GMT -5:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
 * Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
.

2008-01-22 00:36 . 2008-01-22 00:36    167,545  ---------  C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-22 00:34 . 2008-01-22 00:34      <DIR>  d--------  C:\Temp\tn3
2008-01-22 00:29 . 2000-08-31 08:00     51,200  --a------  C:\WINDOWS\NIRCMD.exe
2008-01-21 23:10 . 2008-01-21 23:10      <DIR>  d--------  C:\Program Files\CCleaner
2008-01-21 22:47 . 2008-01-21 22:47      <DIR>  d--------  C:\Program Files\Trend Micro
2008-01-21 22:21 . 2008-01-22 00:16      <DIR>  d--------  C:\Program Files\SUPERAntiSpyware
2008-01-21 02:10 . 2008-01-21 02:10      <DIR>  d--------  C:\Program Files\Lavasoft
2008-01-21 02:09 . 2008-01-21 22:20      <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:04 . 2008-01-20 22:04      <DIR>  d--------  C:\Program Files\Bazooka Scanner
2008-01-20 17:41 . 2007-05-30 07:10     10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 16:39 . 2008-01-20 16:39     86,144  --a------  C:\WINDOWS\system32\drivers\ALCXWDMM.sys
2008-01-12 16:25 . 2008-01-12 16:25      <DIR>  d--------  C:\Program Files\Electronic Arts
2008-01-12 15:11 . 2005-06-24 16:24    438,272  -ra------  C:\WINDOWS\system32\vp6vfw.dll
2008-01-12 15:11 . 2004-12-10 09:06    327,680  --a------  C:\WINDOWS\system32\vp6dec.ax
2008-01-12 15:06 . 2008-01-12 15:20      <DIR>  d--h-----  C:\WINDOWS\msdownld.tmp
2008-01-10 19:21 . 2008-01-10 19:21      <DIR>  d--------  C:\Program Files\uTorrent
2008-01-10 19:01 . 2008-01-10 19:21      <DIR>  d--------  C:\Program Files\megamaps
2008-01-08 22:43 . 2008-01-10 19:30      <DIR>  d--------  C:\Program Files\Guitar Pro 5
2008-01-06 05:19 . 2008-01-06 05:19      <DIR>  d--------  C:\Program Files\Power Tab Software
2008-01-03 22:31 . 2008-01-03 22:31      <DIR>  d--------  C:\AeriaGames
2008-01-03 21:30 . 2008-01-12 21:55      <DIR>  d--------  C:\UnrealTournament
2007-12-25 14:25 . 2007-12-28 16:53         90  --a------  C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 14:18 . 2006-09-13 14:52    561,152  --a------  C:\WINDOWS\system32\xvidcore.dll
2007-12-25 14:18 . 2006-09-13 15:01    237,568  --a------  C:\WINDOWS\system32\xvidvfw.dll
2007-12-25 14:18 . 2005-12-30 15:34      2,864  --a------  C:\WINDOWS\system32\xvid.inf
2007-12-25 14:17 . 2007-12-25 14:17      <DIR>  d--------  C:\Program Files\RCA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 20:59  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-01-17 00:48  ---------  d-----w  C:\Program Files\Yahoo!
2008-01-16 01:15  ---------  d-----w  C:\Program Files\Lx_cats
2008-01-11 00:21  ---------  d-----w  C:\Program Files\Xfire
2008-01-11 00:21  ---------  d-----w  C:\Program Files\limewire
2007-12-22 10:47  ---------  d-----w  C:\Program Files\DriftCity
2007-12-20 07:35  ---------  d-----w  C:\Program Files\Sierra On-Line
2007-12-18 08:02  ---------  d-----w  C:\Program Files\NHN ASV
2007-12-17 21:17  ---------  d-----w  C:\Program Files\Bethesda Softworks
2007-12-05 04:14  ---------  d-----w  C:\Program Files\SlySoft
2007-12-03 03:06  ---------  d-----w  C:\Program Files\TGTSoft
2007-11-25 18:18  ---------  d-----w  C:\Program Files\Common Files\Sonic Shared
2007-11-22 05:03  ---------  d-----w  C:\Program Files\Cliprex DVD Player Professional

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Daemon Tools"="C:\Program Files\Daemon Tools\daemon.exe" [2007-08-29 10:09 171464]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 16:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-20 17:18 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"LXCFCATS"="C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCFtime.dll" [2005-07-20 12:47 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-20 17:18 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-01-30 13:57:42 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 videX32;videX32;C:\WINDOWS\system32\drivers\videX32.sys [2006-10-17 07:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\drivers\xfilt.sys [2006-10-18 04:39]
R1 ALCXWDMM;ALCXWDMM;C:\WINDOWS\system32\drivers\ALCXWDMM.sys [2008-01-20 16:39]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys [2002-07-19 09:10]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\drivers\odysseyIM3.sys [2007-08-17 20:35]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\drivers\RTL8180.SYS [2003-12-30 12:20]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed3c7c1-4bdf-11dc-8daa-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2352721C-2267-DB51-0008-030706070804}]
C:\WINDOWS\system32\vsc32.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 00:37:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 0:42:14 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-22 05:42:10
.
2008-01-11 00:38:07  --- E O F ---
```
#8
Download Avenger by Swandog46, and save it to your computer.

Code:

```text
Folders to delete:
C:\Temp\tn3

Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2352721C-2267-DB51-0008-030706070804}
```

Next post Avenger log
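The Avenger script above is built from what the previous ComboFix run reported: the driver file it could not remove, the folder it had already removed, and the Active Setup key that loads `vsc32.exe`. As an added example, not the thread's own code and not part of ComboFix or Avenger, the Python below extracts the `failed to delete` paths from a ComboFix log excerpt (constructed from the one posted above) and lays them out in the same three-section script format. The folder and the registry key are passed in by hand, since ComboFix deleted the folder itself and lists the key under "Reg Loading Points" rather than in a deletion section.

```python
import re

# Constructed excerpt of the "Other Deletions" section from the ComboFix log
# posted in this thread: one folder ComboFix removed and one driver file it
# could not remove.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
"""

# A deletion ComboFix gave up on: a drive-letter path, a run of " . " padding,
# then the marker text. The non-greedy path group stops at the padding.
FAILED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s*(?:\.\s*)+failed to delete\s*$")


def failed_deletions(log_text):
    """Paths that ComboFix reported as 'failed to delete', in log order."""
    found = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line.strip())
        if m:
            found.append(m.group("path"))
    return found


def build_avenger_script(folders=(), files=(), keys=()):
    """Emit the three-section script layout the helper posted, skipping empty sections."""
    sections = (("Folders to delete:", folders),
                ("Files to delete:", files),
                ("Registry keys to delete:", keys))
    blocks = [header + "\n" + "\n".join(items) for header, items in sections if items]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    leftovers = failed_deletions(SAMPLE_COMBOFIX)
    print(build_avenger_script(folders=[r"C:\Temp\tn3"], files=leftovers))
```

Keeping the "failed to delete" extraction separate from script assembly means every path in the files section is one the previous tool demonstrably could not remove, which is the condition under which a boot-time deletion is worth the risk of the machine not coming back cleanly.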
#9
OK, here you go. Still popups, btw.

```text
Logfile of The Avenger version 1 by Swandog46
Running from registry key:
\Registry\MACHINE\System\CurrentControlSet\Services\hptxmheu

*******************

Script file located at: wqwsrviw
Could not open script file!
Error: Could not open script file!  Status: 0xc000003b
Abort!
```
#10
Oops, my bad. I redid it, because the log didn't look right and apparently I didn't do something right the first time. Here's the new log. Oh, and I still have popups.

```text
Logfile of The Avenger version 1 by Swandog46
Running from registry key:
\Registry\MACHINE\System\CurrentControlSet\Services\mkawvjax

*******************

Script file located at: \??\C:\WINDOWS\system32\ygueewld.txt
Script file opened successfully.
Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Temp\tn3 deleted successfully.
File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2352721C-2267-DB51-0008-030706070804} deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
```