slavi georgiev, posted July 18, 2008:
Two days ago I went to a site for paintings and paints and avast beeped at me: malware name: html:agent-l [expl], type: exploit. The resident scanner reported infected paypopup(1)htm. In my opinion this is some kind of malicious code. I ran avast, it finds it, I delete it, and it showed up again after 1 day. It beeped again, and this time I scanned with Ad-Aware and it cleaned it. I had 2 infected files in windolsxp\documents and settings. If anyone has had this problem, please write whether this thing is harmful. I think I removed it, but nothing is certain.
dimd, posted July 18, 2008:
For your peace of mind, scan with this: http://www.softvisia.com/download.php?view.1228
Aquarius, posted July 18, 2008:
If, after scanning and possibly removing the threats with Malwarebytes' Anti-Malware, you still have problems, write here in the thread so that we can give you instructions on how to provide log files from Autoruns and HijackThis.
slavi georgiev (author), posted July 19, 2008:
I downloaded Malwarebytes Anti-Malware 1.21, scanned with it, and here it is:
Trojan.BHO File C:\PROGRAM FILES\Web money advisor\t..
Trojan.bho registry key hkey_classes_root\clsid\{..
Trojan.bho registry key hkey_classes_root-interface\{..
and three more keys with the same trojan. I removed them, and after 2-3 minutes avast beeped at me again. I ran it, it found two infected files, and I chose the rename\move option, or I don't know exactly what it was, because on the previous days I pressed delete and it said it was deleting them, but... This pest has outright attacked Web money; how did I not notice it back then. The site that I said infected me is an online shop, a Bulgarian one. Only, how did I not write it down from the avast scanner to tell you. In my opinion some link cannot be cleaned, since the pest activates every day. I don't know whether to try with HighJack or with something else? Afterwards I scanned again with avast, a full scan, and with Malwarebytes Anti-Malware 1.21, a full scan, and it reported nothing. I deleted the temporary files folder and the browser's cookies and restarted, and here I am writing now. This thing will probably show up again, but the other thing is also interesting: why doesn't avast detect it as a trojan, while Malwarebytes Anti-Malware 1.21 found it as one?
comando1302, posted July 19, 2008:
Download CCleaner 2.09.600 and run it to clean up your computer, then scan with SUPERAntiSpyware Free Edition 4.15.1000. Both are available on the site. Afterwards, share your opinion. Regards...
Aquarius, posted July 19, 2008:
Run a scan with SUPERAntiSpyware Free as well. After you scan and possibly remove the threats, post log files from AutoRuns and HiJackthis v2.0.2.
Start the file Autoruns.exe and do the following:
a) Select Options -> Hide Microsoft Entries and Verify Code Signatures.
b) Select File -> Refresh or press F5.
c) Select File -> Export As. Save the file to the hard disk and copy its contents into the thread.
Then:
a) Install HijackThis and rename HiJackThis.exe (the .exe file, not the shortcut on the desktop) to something else of your choice.
b) Start it.
c) Select Do a system scan and save a logfile.
Save the file somewhere on the hard disk and then copy its contents into the thread, together with the contents of the Autoruns log file.
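What a helper typically does with the HijackThis log requested above, as an added example (not part of the thread and not code from HijackThis or Autoruns): parse the CLSID-bearing sections and list every browser add-on entry that still points into a folder a scanner flagged, plus entries whose file is already gone. The log lines, CLSIDs and folder names are constructed, and `parse_entries`, `triage` and `is_under` are hypothetical helper names.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind name clsid target")

# HijackThis sections whose lines read "<kind>: <name> - {CLSID} - <file>":
# R3 URLSearchHook, O2 BHO, O3 Toolbar, O9 extra button / Tools menu item.
LINE_RE = re.compile(
    r"^(?P<section>R3|O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# Constructed sample in HijackThis 2.0.2 layout; every name, CLSID and path is made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example Reader\helper.dll
O2 - BHO: TB0001 - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example Advisor\advisor.dll
O3 - Toolbar: Example Advisor - {00000000-0000-0000-0000-000000000004} - C:\Program Files\Example Advisor\advisor.dll
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\tray.exe
O9 - Extra button: Example Advisor - {00000000-0000-0000-0000-000000000004} - C:\Program Files\Example Advisor\advisor.dll
O9 - Extra 'Tools' menuitem: Example Advisor - {00000000-0000-0000-0000-000000000004} - C:\Program Files\Example Advisor\advisor.dll
"""


def parse_entries(log_text):
    """Return an Entry for every R3/O2/O3/O9 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def norm(path):
    # ntpath applies Windows path rules on any OS: case-insensitive, backslashes.
    # 8.3 short names (PROGRA~1) cannot be expanded offline and are compared as-is.
    return ntpath.normcase(ntpath.normpath(path))


def is_under(target, folder):
    """True if target is the folder itself or a file below it (not a sibling prefix)."""
    t, f = norm(target), norm(folder)
    return t == f or t.startswith(f.rstrip("\\") + "\\")


def triage(entries, flagged_folders):
    """Split entries into leftovers (grouped by CLSID) and orphans.

    leftovers: entries still loading a file from a folder the scanner reported,
               so the same CLSID can be cleaned in every section it appears in.
    orphans:   entries whose file is already missing ("(no file)").
    """
    leftovers, orphans = {}, []
    for e in entries:
        if e.target == "(no file)":
            orphans.append(e)
        elif any(is_under(e.target, f) for f in flagged_folders):
            leftovers.setdefault(e.clsid.upper(), []).append(e)
    return leftovers, orphans


if __name__ == "__main__":
    # Folder as a scanner might report it (constructed, upper-cased on purpose).
    left, orph = triage(parse_entries(SAMPLE_LOG), [r"C:\PROGRAM FILES\Example Advisor"])
    for clsid, found in sorted(left.items()):
        print(clsid, "still registered in", ", ".join(e.section for e in found))
    for e in orph:
        print(e.clsid, "orphaned", e.kind, "entry in", e.section)
```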
slavi georgiev (author), posted July 19, 2008:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:30, on 19.7.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Aquarius, posted July 19, 2008:
Did SUPERAntiSpyware find anything? Does Avast keep displaying alerts?
slavi georgiev (author), posted July 20, 2008:
It found adware.tracking cookie, and 2 minutes ago avast beeped again. On the scanner it says last infected gest.ivefound.com/cont/_paypopup; maybe this is the site.
Night_Raven, posted July 20, 2008:
Post a screenshot of the avast! window.
slavi georgiev (author), posted July 20, 2008:
For some reason it can't be copied, so I photographed it with a camera. Here it is.
Night_Raven, posted July 20, 2008:
Well, that just shows which file was scanned last. It doesn't at all mean that it is infected or dangerous. I want a screenshot of the avast! window when it finds a threat and displays a message about what it detected.
slavi georgiev (author), posted July 20, 2008:
I can't do it now because it isn't beeping, but it says the thing from the beginning of the thread, malware html agent-l, and advises me to send it to the virus chest. I do that and a message comes up that it can't, because it is being used by another program, and it advised me not to do anything. After that I run avast, scan C and D, and it finds the malware again, and I press move to chest again, and when the scan finished the result came up: 2 files were successfully sent to the virus chest. That's it; this is the first time I've done this, before I used to delete them. Hopefully it won't beep any more. When they are in this box they are under quarantine, right?
Aquarius, posted July 20, 2008:
"I can't do it now because it isn't beeping, but it says the thing from the beginning of the thread."
So avast! is not displaying threat messages now?
"And it advises me to send it to the virus chest. I do that and a message comes up that it can't, because it is being used by another program, and it advised me not to do anything."
Which file exactly is in use? Otherwise, it is possible that there is an open handle to it, or that it is mapped into the address space of some other process, and that is why it cannot be removed.
"When they are in this box they are under quarantine, right?"
Yes - Virus Chest = Virus Quarantine.
slavi georgiev (author), posted July 20, 2008:
Yes, it isn't displaying threats now, but when the resident scanner catches it and raises an alert, it can't move it to the virus chest; it only says that it can't, maybe because it is being used by another process, but it doesn't say exactly which one, and there is just a small window where you can only press OK, and then it advises you not to do anything. Later, when I run the antivirus to scan C and D, it detects it and the move to chest option works, and I put it in that box. We'll see. If it really is in some other running process, I don't know, I'd have to look for another little program that removes them even though they are running.