
Internet connection problem


Blowy


Hi :peace: ,

please help with the following problem:

kshd.exe

vdshd.exe

create a new internet connection for me, and when I connect to the net, after a few seconds it disconnects me and the new connection tries to connect but can't. This keeps disconnecting me and I have to reconnect very often.

As far as I understand, these aren't viruses?

I have Security Task Manager, which detects and deletes them, but without my restarting the computer the following files appear again in the folder C:\Documents and Settings\User\*.exe

Right now, as I write, my connection isn't dropping, but maybe that's because it glitched and only gives me errors. I'm sure that the next time I start the computer it will disconnect me from the net again.

-----------------------

 

I noticed that this appeared after I used my flash drive/MP3 player. When I pulled it out of the USB port it glitched; could it be a virus?

Link to comment

First, post a log from HijackThis.

 

And say which OS you use, in what language, and which view (classic or normal) your Control Panel is in. Oh, and do you have any service packs installed? (Do you have, e.g., SP3 for XP?)

Link to comment

 

Windows XP Media Center Edition + SP 2

English version

My Control Panel is in Category view

 

If you want to look for whether those little viruses are in the log, I think they aren't there as processes

 

The log is:

----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:00:48, on 17.2.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [lphcceqj0ejfr] C:\WINDOWS\system32\lphcceqj0ejfr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7533 bytes

Link to comment
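Added example (not part of any forum post, and not code from HijackThis or its vendor): a Python script that checks a pasted HijackThis log for the file names reported in the first post, among the running processes and among the Run-key and service autostart entries, and lists entries whose registered file is missing. The function names are assumptions made for illustration, and the sample log is a shortened copy of lines from the log above.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Sample lines copied (shortened) from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Eset\nod32kui.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")       # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")      # "<key>: [<value name>] <command>"
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", re.I)


def command_image(command):
    """Return the lower-cased file name of the program a command line starts."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]          # quoted path, may contain spaces
    else:
        m = EXE_RE.match(command)                    # unquoted path up to the extension
        path = m.group(1) if m else command.split()[0]
    return basename(path).lower()


def parse_hijackthis(text):
    """Split a log into (running-process paths, [(section code, entry body)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()                           # also drops non-breaking spaces
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False                         # process list ends at first entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def autostarts(entries):
    """Return (location, name, image) for O4 Run-key and O23 service entries."""
    out = []
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                out.append((m.group(1), m.group(2), command_image(m.group(3))))
        elif code == "O23":
            # "Service: <name> - <vendor> - <path>"; the path is the last field.
            fields = body.split(" - ")
            name = fields[0].split(": ", 1)[-1]
            out.append(("Service", name, command_image(fields[-1])))
    return out


def locate(text, names):
    """For each file name, list the places in the log that mention it."""
    processes, entries = parse_hijackthis(text)
    running = {basename(p).lower() for p in processes}
    starts = autostarts(entries)
    report = {}
    for name in names:
        key = name.lower()
        hits = ["running process"] if key in running else []
        hits += [f"{loc} [{label}]" for loc, label, image in starts if image == key]
        report[name] = hits
    return report


def orphaned(text):
    """Entries whose registered file is missing (HijackThis prints '(no file)')."""
    return [body for _, body in parse_hijackthis(text)[1] if body.endswith("(no file)")]


if __name__ == "__main__":
    for name, hits in locate(SAMPLE_LOG, ["kshd.exe", "vdshd.exe", "vsnpstd3.exe"]).items():
        print(name, "->", hits or "not in the log")
    print("missing files:", orphaned(SAMPLE_LOG))
```

An empty result for a name only means this log does not list it as a process, Run-key value or service; it says nothing about other places a file can be started from.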

CNews, you suggest the program, but you haven't even explained how to use it (there has already been a problem with its use by a fellow forum member who didn't understand it and was scolded for that)

Night_Raven:

What kind of nonsense have you done. From now on, don't use HijackThis without instructions from someone who knows the program.

Good thing our friend knows how to use it!!!

Blowy, you can download these programs and scan with them (after installing them, update their definitions, if they don't do it automatically): SUPERAntiSpyware Free and Malwarebytes' Anti-Malware.

Info about the system will definitely be needed, though!!!

Is the connection you mention present in Network Connections? If it is, try to disable it and then delete it (if it lets you delete it), but in principle it can be deleted if it isn't for a local network!!! :computer:

Link to comment

 

I've already posted the log file,

it gets deleted, but it gets created again automatically by itself under the name "i-connection"

I delete both files in the directory, but after a while they appear again

Link to comment

How long has this problem been around?

If there is a system restore point from before the problem appeared, you can restore to it (although in my opinion that is a last resort)! A friend had a similar one (I don't know, since I didn't see it, and everything happened remotely, i.e. I instructed him over Skype); it may have been the same problem, and it was fixed just with a system restore, but after disconnecting the network he uses for the internet and then restarting in Safe Mode and from there choosing a point and restoring! After that his problem was gone, and that was almost 6 months ago, and since then he hasn't had a problem!!!

My advice, however, is not to rush into a system restore (unless it is absolutely necessary), and hopefully other forum members (more competent than me, of course) will join the thread and help without a system restore being needed!!! :computer:

Link to comment

Blowy, as bmvtooo suggested, scan with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware

 

For SUPERAntiSpyware:

- start the program;

- click the Scan your Computer button;

- on the left select only partition C:, and on the right select Perform Complete Scan;

- click Next and wait for it to scan;

- click Next to remove the nasties, and finally Finish;

- click the Preferences... button and go to the Statistics/Logs tab, select the latest log and click the View Log... button;

- copy its contents here.

 

For Malwarebytes' Anti-Malware:

- start the program;

- choose Perform quick scan and click the Scan button;

- when the scan finishes, click the Remove Selected button;

- a text file (log) will appear; copy its contents here.

Link to comment

+ it showed the porn sites, but I deleted those :)

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/18/2009 at 11:06 AM

 

Application Version : 4.25.1012

 

Core Rules Database Version : 3716

Trace Rules Database Version: 1690

 

Scan type : Complete Scan

Total Scan Time : 00:26:25

 

Memory items scanned : 416

Memory threats detected : 0

Registry items scanned : 5235

Registry threats detected : 0

File items scanned : 19378

File threats detected : 291

 

Adware.Tracking Cookie


Link to comment

Both are with updated virus definitions! The other thing asks for a purchase :]

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/18/2009 at 12:18 PM

 

Application Version : 4.25.1012

 

Core Rules Database Version : 3764

Trace Rules Database Version: 1725

 

Scan type : Complete Scan

Total Scan Time : 00:30:45

 

Memory items scanned : 423

Memory threats detected : 0

Registry items scanned : 5248

Registry threats detected : 0

File items scanned : 19394

File threats detected : 1

 

Adware.Tracking Cookie

C:\Documents and Settings\And1\Cookies\and1@counter.search[1].txt

 

 

------------------------

 

Malwarebytes' Anti-Malware 1.34

Database version: 1773

Windows 5.1.2600 Service Pack 2

 

18.2.2009 г. 12:12:11

mbam-log-2009-02-18 (12-12-11).txt

 

Scan type: Quick Scan

Objects scanned: 75896

Time elapsed: 9 minute(s), 21 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 10

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Documents and Settings\And1\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to comment

Restart the system and say whether the problem is still present.

 

P.S.: neither of the two programs requires a purchase for updating or cleaning.

Link to comment

Download GMER. Unzip it and start the program. It will do an initial scan within seconds. After that finishes, do NOT click the Scan button; click the Copy button and then paste the contents here (Ctrl+V).
Link to comment

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-18 13:03:54

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF75A85DC]

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF75B4120]

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 83B1A880

 

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

 

---- Modules - GMER 1.0.14 ----

 

Module _________ F750A000-F7522000 (98304 bytes)

 

---- EOF - GMER 1.0.14 ----

 

 

until this evening :thumbsup:

Link to comment

Download ESET SysInspector and:

1) start it and wait for it to gather the information;

2) File menu -> Save Log;

3) confirm with Yes;

4) save the file somewhere convenient for you and then attach it to your comment.

Link to comment