
Two days ago I visited a site for paintings and paints, and avast! started beeping at me.

 

malware

name: html:agent-l [expl]

type exploit

 

The resident scanner reported:

infected paypopup(1)htm

 

I think this is some kind of malicious code.

I ran avast!, it found it, I deleted it, and it appeared again after 1 day. It beeped again, and this time I scanned with Ad-Aware and it cleaned it; I had 2 infected files in windolsxp\documents and settings

 

If anyone has had this problem, please write whether this thing is harmful. I think I removed it, but nothing is certain.

Link to comment

If, after scanning and possibly removing the threats with Malwarebytes' Anti-Malware, you still have problems, post here in the thread so that we can give you instructions on how to provide log files from Autoruns and HijackThis.
Link to comment

I downloaded Malwarebytes Anti-Malware 1.21, scanned with it, and here is the result:

 

Trojan.BHO File C:\PROGRAM FILES\Web money advisor\t..

Trojan.bho registry key hkey_classes_root\clsid\{..

Trojan.bho registry key hkey_classes_root-interface\{..

and three more keys with the same trojan

 

I removed them, and after 2-3 minutes avast! beeped at me again. I ran it, it found two infected files, and I chose the rename\move option, or I don't know exactly what it was called, because on the previous days I was pressing delete and it says it deletes them, but...

This nasty thing has gone straight for Web money; how did I not notice it back on those days. The site that I said infected me is an online shop, a Bulgarian one. If only I had written it down from the avast! scanner so I could tell you.

I think some link cannot be cleaned, since the nasty thing activates every day.

I don't know, should I try with HijackThis or with something else?

Afterwards I scanned again with avast! (full scan) and with Malwarebytes Anti-Malware 1.21 (full scan) and nothing was reported. I deleted the temporary files folder and the browser cookies and restarted, and here I am writing now. It will probably appear again, but the other thing is interesting too: why doesn't avast! detect it as a trojan, while Malwarebytes Anti-Malware 1.21 detected it as one?

Link to comment

Download CCleaner 2.09.600 and run it to clean up your computer, then scan with SUPERAntiSpyware Free Edition 4.15.1000; both are available on the site,

and after that share your opinion. Regards...

Link to comment

Run a scan with SUPERAntiSpyware Free as well.

After you scan and possibly remove the threats, post log files from AutoRuns and HiJackthis v2.0.2.

Run the file Autoruns.exe and do the following:

a) Select Options -> Hide Microsoft Entries and Verify Code Signatures.

b) Select File -> Refresh or press F5.

c) Select File -> Export As.

Save the file to the hard disk and copy its contents into the thread.

 

a) Install HijackThis and rename HiJackThis.exe (the .exe file, not the shortcut on the desktop) to something else of your choice.

b) Run it.

c) Select Do a system scan and save a logfile.

Save the file somewhere on the hard disk and then copy its contents into the thread, together with the contents of the Autoruns log file.

Link to comment

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:30:30, on 19.7.2008 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\FlashGet\Flashget.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\WINDOWS\VMSnap23.exe

C:\WINDOWS\Domino.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MP4 Player\mp4Player.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Webteh\BSplayerPro\bsplayer.exe

C:\Program Files\Trend Micro\HijackThis\slavipg.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: TBSB00196 - {1236D836-E9BA-4175-894F-2072A14D5A26} - C:\Program Files\WebMoney Advisor\wmadvisor.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\Flashget.exe /min

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll

O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll

O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180520526328

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://77.77.141.197/activex/AMC.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

 

--

End of file - 9908 bytes

 

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Adobe Photo Downloader Adobe Photo Downloader 4.0 component (Verified) Adobe Systems Incorporated c:\program files\adobe\photoshop elements 6.0\apdproxy.exe

+ avast! avast! service GUI component (Verified) ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe

+ BigDogPath323Domino Vimicro (Not verified) Vimicro c:\windows\domino.exe

+ BigDogPath323VMSnap c:\windows\vmsnap23.exe

+ Flashget FlashGet (Verified) Trend Media Corporation Limited c:\program files\flashget\flashget.exe

+ Hide-The-IP File not found: C:\Program Files\Hide The IP\HideTheIP.exe

+ NeroFilterCheck NeroCheck (Not verified) Nero AG c:\windows\system32\nerocheck.exe

+ RemoteControl PowerDVD RC Service (Not verified) Cyberlink Corp. c:\program files\cyberlink\powerdvd\pdvdserv.exe

+ Samsung PanelMgr c:\windows\samsung\panelmgr\ssmmgr.exe

+ Ulead AutoDetector MONITOR (Not verified) Ulead Systems, Inc. c:\program files\ulead systems\ulead photo explorer 8.0 se basic\monitor.exe

+ Ulead Photo Express Calendar Checker Photo Express -- Calendar Checker (Not verified) Ulead Systems, Inc. c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe

+ WinampAgent c:\program files\winamp\winampa.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MP4 Player c:\program files\mp4 player\mp4player.exe

+ NBJ Nero BackItUp Scheduler Application (Not verified) Ahead Software AG c:\program files\ahead\nero backitup\nbj.exe

+ SUPERAntiSpyware SUPERAntiSpyware (Verified) SuperAdBlocker.com c:\program files\superantispyware\superantispyware.exe

+ swg GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll

+ siteadvisor SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ SABShellExecuteHook Class ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware shell extension (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll

+ MBAMShlExt Malwarebytes' Anti-Malware shell extension (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

+ Flashget Catch Url Class Flashget CatchUrl Module (Not verified) www.flashget.com c:\program files\flashget\jccatch.dll

+ FlashGet GetFlash Class Flashget GetFlash Module (Verified) Trend Media Corporation Limited c:\program files\flashget\getflash.dll

+ Google Toolbar Helper Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar1.dll

+ Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll

+ Skype add-on (mastermind) Skype add-on for IE (Verified) Skype Technologies SA c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

+ TBSB00196 Class IE Toolbar Engine c:\program files\webmoney advisor\wmadvisor.dll

+ {089FD14D-132B-48FC-8861-0048AE113215} SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ &Google Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar1.dll

+ McAfee SiteAdvisor SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

+ WebMoney Advisor IE Toolbar Engine c:\program files\webmoney advisor\wmadvisor.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ FlashGet FlashGet (Verified) Trend Media Corporation Limited c:\program files\flashget\flashget.exe

+ ICQ6 ICQ Library (Verified) ICQ c:\program files\icq6\icq.exe

HKLM\System\CurrentControlSet\Services

+ AdobeActiveFileMonitor6.0 Tracks files that are managed by Adobe Photoshop Elements (Verified) Adobe Systems Incorporated c:\program files\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe

+ aswUpdSv Provides automatic updating for the avast! antivirus. (Verified) ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe

+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. (Verified) ALWIL Software c:\program files\alwil software\avast4\ashserv.exe

+ SiteAdvisor Service Provides low-level support for McAfee SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\saservice.exe

HKLM\System\CurrentControlSet\Services

+ Aavmker4 avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP (Verified) ALWIL Software c:\windows\system32\drivers\aavmker4.sys

+ aswFsBlk avast! mini-filter driver (aswFsBlk) (Verified) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys

+ aswMon2 avast! File System Filter Driver for Windows XP (Verified) ALWIL Software c:\windows\system32\drivers\aswmon2.sys

+ aswRdr avast! TDI RDR Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswrdr.sys

+ aswSP avast! self protection module (Verified) ALWIL Software c:\windows\system32\drivers\aswsp.sys

+ aswTdi avast! TDI Filter Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswtdi.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ DgiVecp Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes (Not verified) Samsung Electronics Co., Ltd. c:\windows\system32\drivers\dgivecp.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ SASDIFSV SASDIFSV.SYS (Verified) SuperAdBlocker.com c:\program files\superantispyware\sasdifsv.sys

+ SASENUM SASENUM.SYS (Verified) SuperAdBlocker.com c:\program files\superantispyware\sasenum.sys

+ SASKUTIL SASKUTIL.SYS (Verified) SuperAdBlocker.com c:\program files\superantispyware\saskutil.sys

+ vmfilter323 VC323, MRD, Feature(VGA), FaceTracking (Not verified) Vimicro Corporation c:\windows\system32\drivers\vmfilter323.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

+ ZSMC326 VM323 Video Driver (Not verified) Vimicro Corporation c:\windows\system32\drivers\usbvm323.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ !SASWinLogon SUPERAntiSpyware WinLogon Processor (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll

+ WgaLogon Windows Genuine Advantage Validation (Not verified) Microsoft Corporation c:\windows\system32\wgalogon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll

Link to comment
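An added example, not part of the original thread: one way to tie the Malwarebytes "Trojan.BHO File" detection quoted earlier to the HijackThis log above is to list every log entry whose target lies in the flagged directory, which shows how many separate Internet Explorer registration points load the same DLL. The helper names (`norm`, `parse`, `entries_under`) are hypothetical, and the sample lines are a subset copied from the posted log.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted above (a subset, to keep this short).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB00196 - {1236D836-E9BA-4175-894F-2072A14D5A26} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
"""

# Meaning of the HijackThis section codes that occur in the sample.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Run-key autostart", "O9": "IE extra button / Tools menu item"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # first drive-letter path to end of line


class Entry(NamedTuple):
    code: str             # HijackThis section, e.g. "O2"
    clsid: Optional[str]  # COM class id, when the line carries one
    target: str           # file the entry points at


def norm(path: str) -> str:
    """Lower-case and drop quotes/whitespace, so the scanner's
    'Web money advisor' and the log's 'WebMoney Advisor' compare equal."""
    return re.sub(r'[\s"]', "", path).lower()


def parse(log: str):
    """Yield one Entry per HijackThis line that names a file on disk."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = PATH_RE.search(m["body"])
        if not path:
            continue  # lines without a local path, e.g. "(no file)" or URLs
        clsid = CLSID_RE.search(m["body"])
        yield Entry(m["code"], clsid.group(0) if clsid else None, path.group(0))


def entries_under(log: str, directory: str):
    """All entries whose target lies inside `directory`.
    Textual match only: 8.3 short names such as PROGRA~1 are not expanded."""
    prefix = norm(directory).rstrip("\\") + "\\"
    return [e for e in parse(log) if norm(e.target).startswith(prefix)]


if __name__ == "__main__":
    # Directory taken from the Malwarebytes detection line quoted in the thread.
    for e in entries_under(SAMPLE_LOG, r"C:\PROGRAM FILES\Web money advisor"):
        print(e.code, SECTIONS[e.code], e.clsid, e.target)
```

Each matching entry is a separate registration of the same DLL, so a cleanup that removes only the file or only some of the keys leaves the others in place to be checked by hand in HijackThis or Autoruns.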

Well, that just shows which file was scanned last. It doesn't at all mean that it is infected or dangerous. I want a screenshot of the avast! window when it finds a threat and displays a message about what it has found.
Link to comment

I can't do that now because it isn't beeping, but it says this, from the beginning of the thread:

malware

html agent-l

and it advises me to send it to the virus chest; I do that and a message comes up that it can't because it is being used by another program, and it advised me not to do anything.

 

After that I ran avast!, scanned C and D, and it found the malware again, and I pressed that move to chest again, and when the scan finished I got the result that 2 files were successfully sent to the virus chest. That's it; this is the first time I have done it, before that I used to delete them. Hopefully it won't beep anymore.

 

 

When they are in this chest, they are quarantined, right?


Link to comment

> I can't do that now because it isn't beeping, but it says this, from the beginning of the thread.

 

So avast! is not displaying threat messages now?

 

 

> And it advises me to send it to the virus chest; I do that and a message comes up that it can't because it is being used by another program, and it advised me not to do anything.

 

Which file exactly is in use? Otherwise, it is possible that there is an open handle to it, or that it is mapped into the address space of some other process, and that is why it cannot be removed.

 

> When they are in this chest, they are quarantined, right?

 

Yes - Virus Chest = Virus Quarantine.

Link to comment

Yes, it isn't displaying threats now, but when the resident scanner catches it and alerts, it can't move it to the virus chest; it only says that it can't, maybe because it is being used by another process, but it doesn't say exactly which one, and there is just a small window where you can press OK, and then it advises you not to do anything.

And then when I run the antivirus to scan C and D, it detects it and this move to chest option works, and I put it in that chest; we'll see.

If it really is in some other running process, I don't know, I'll have to look for another little program that removes them even though they are running.

Link to comment
