Проблем с интернет връзка

[Blowy]

Здрасти ,

помогнете по следния проблем:

kshd.exe

vdshd.exe

ми създават нова интернет връзка и когато се свържа към нет-а, след няколко секунди ме дисконектва и новата връзка се опитва да се свърже, но не може. Това постоянно ме дисконектва и трябва да се свързвам много често.

До колкото разбрах т'ва не са вируси ?

Имам Security Task Manager, която ги открива, трие, но без да рестартирам компа пак се появяват следните файлове в папка C:\Documents and Settings\User\*.exe

Сега като пиша, не ми спира връзката, но може би защото се бъгна и ми дава само грешки. Сигурен съм, че от следващото пускане на компа пак ще ме изключва от нет-а.

-----------------------

 

Забелязах, че тва се появи, след като ползвах моята флашка/мп3/. Като я изкарах от USB се бъгна, да не е вирус?

[CNews]

Първо дай един лог от HijackThis.

 

И кажи каква ОС Ползваш,на какъв език и на какъв изглед(класически или нормален) ти е контрол панела.А,да,имаш ли сервизни пакети инсталирани?(Имаш ли напр. SP3 3a XP)

[Blowy]

Първо дай един лог от HijackThis.

 

И кажи каква ОС Ползваш,на какъв език и на какъв изглед(класически или нормален) ти е контрол панела.А,да,имаш ли сервизни пакети инсталирани?(Имаш ли напр. SP3 3a XP)

 

Windows XP Media Center Edition + SP 2

English version

Category view mi e Control Panel

 

Ако искаш да търсиш дали тия вирусчета са в лога, май ги няма като процеси

 

loga e

----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:00:48, on 17.2.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [lphcceqj0ejfr] C:\WINDOWS\system32\lphcceqj0ejfr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7533 bytes

[bmvtooo]

CNews предлагаш програмата ,а дори не си обяснил как да се използва (вече има проблем с използването и от един съфорумец който не е разбрал и беше смъмрен за това)

Night_Raven:

Що за глупост си направил. Занапред не използвай HijackThis без инструкции от човек, който е наясно с програмата.

Добре че нашия приятел знае как да я използва!!!

Blowy можеш да изтеглиш тези програми и да сканираш с тях (като след инсталацията им да обновиш дефинициите им - ако не го направят автоматично) SUPERAntiSpyware Free и Malwarebytes' Anti-Malware.

Инфо обаче за системата определено ще трябва!!!

Тази връзка за която казваш има ли я в Мрежови връзки? Ако я има опитай да я забраниш и после да я изтриеш (ако ти позволява изтриване),но по принцип може да се изтрие ако не е за локална мрежа!!!

[Blowy]

CNews предлагаш програмата ,а дори не си обяснил как да се използва (вече има проблем с използването и от един съфорумец който не е разбрал и беше смъмрен за това)

Blowy можеш да изтеглиш тези програми и да сканираш с тях (като след инсталацията им да обновиш дефинициите им - ако не го направят автоматично) SUPERAntiSpyware Free и Malwarebytes' Anti-Malware.

Инфо обаче за системата определено ще трябва!!!

Тази връзка за която казваш има ли я в Мрежови връзки? Ако я има опитай да я забраниш и после да я изтриеш (ако ти позволява изтриване),но по принцип може да се изтрие ако не е за локална мрежа!!!

 

Вече сложих лог файла,

трие се, но се създава самичка автоматично под името "i-connection"

трия и двата фаила в директорията, но след време се появяват пак

[bmvtooo]

От колко време го има този проблем?

Ако има точка на възстановяване на системата преди появяването на проблема можеш да я възстановиш (макар че това е крайна мярка според мен)! Един приятел имаше подобен (незнам понеже не видях ,а и всичко стана от растояние т.е. инструктирах го по скайп) може и да е бил същия проблем ,и се оправи само с възстановяване на системата ,но след изключване на мрежата която използва за интернет и след това рестарт в Safe Mode и от там избор на точка и възстановяване! След което проблема му го нямаше ,а това беше почти преди 6 месеца и от тогава не е имал проблем!!!

Моя съвет обаче е да не бързаш с възстановяване на системата (ако това не е крайно наложително) и дано се включат в темата и други съфорумци (по компетентни от мен разбира се) и да помогнат без да се налага възстановяване на системата!!!

[Night_Raven]

Blowy, както предложи bmvtooo,сканирай с SUPERAntiSpyware Free и Malwarebytes' Anti-Malware

 

За SUPERAntiSpyware:

- стартирай програмата;

- кликни бутон Scan your Computer;

- вляво избери само дял C:, а вдясно избери Perform Complete Scan;

- кликни Next и изчакай да сканира;

- кликни Next, за да се премахнат гадинките и накрая Finish;

- кликни бутон Preferences... и иди на подпрозорец Statistics/Logs, маркирай последния лог и кликни бутон View Log...;

- копирай съдържанието му тук.

 

За Malwarebytes' Anti-Malware:

- стартирай програмата;

- избери Perform quick scan и кликни бутон Scan;

- като приключи сканирането кликни бутон Remove Selected;

- ще се появи текстов файл (лог), копирай съдържанието му тук.

[Blowy]

+ показа порн сайтовете, но тях ги изтрих

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/18/2009 at 11:06 AM

 

Application Version : 4.25.1012

 

Core Rules Database Version : 3716

Trace Rules Database Version: 1690

 

Scan type : Complete Scan

Total Scan Time : 00:26:25

 

Memory items scanned : 416

Memory threats detected : 0

Registry items scanned : 5235

Registry threats detected : 0

File items scanned : 19378

File threats detected : 291

 

Adware.Tracking Cookie

C:\Documents and Settings\And1\Cookies\and1@sitestats.ets[1].txt

C:\Documents and Settings\And1\Cookies\and1@tacoda[3].txt

C:\Documents and Settings\And1\Cookies\and1@clicktorrent[2].txt

C:\Documents and Settings\And1\Cookies\and1@revsci[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.techguy[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.standartnews[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.teenchat[3].txt

C:\Documents and Settings\And1\Cookies\and1@adultadworld[1].txt

C:\Documents and Settings\And1\Cookies\and1@CAZEFNVM.txt

C:\Documents and Settings\And1\Cookies\and1@adbrite[3].txt

C:\Documents and Settings\And1\Cookies\and1@media6degrees[3].txt

C:\Documents and Settings\And1\Cookies\and1@media.adrevolver[1].txt

C:\Documents and Settings\And1\Cookies\and1@gjacket.adbureau[3].txt

C:\Documents and Settings\And1\Cookies\and1@ad.adocean[1].txt

C:\Documents and Settings\And1\Cookies\and1@nl.sitestat[10].txt

C:\Documents and Settings\And1\Cookies\and1@ads.mediageeks[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.ibox[2].txt

C:\Documents and Settings\And1\Cookies\and1@nl.sitestat[8].txt

C:\Documents and Settings\And1\Cookies\and1@koleda.themes.medianet[1].txt

C:\Documents and Settings\And1\Cookies\and1@collective-media[3].txt

C:\Documents and Settings\And1\Cookies\and1@media.brandreachsys[2].txt

C:\Documents and Settings\And1\Cookies\and1@server.cpmstar[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.madisonavenue[3].txt

C:\Documents and Settings\And1\Cookies\and1@ads.city[1].txt

C:\Documents and Settings\And1\Cookies\and1@ice.112.2o7[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad.orbitel[3].txt

C:\Documents and Settings\And1\Cookies\and1@adrevolver[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[4].txt

C:\Documents and Settings\And1\Cookies\and1@ehg-advertisementbv.hitbox[2].txt

C:\Documents and Settings\And1\Cookies\and1@trafficmp[2].txt

C:\Documents and Settings\And1\Cookies\and1@msnportal.112.2o7[1].txt

C:\Documents and Settings\And1\Cookies\and1@realmedia[1].txt

C:\Documents and Settings\And1\Cookies\and1@nl.sitestat[9].txt

C:\Documents and Settings\And1\Cookies\and1@zedo[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad.yieldmanager[2].txt

C:\Documents and Settings\And1\Cookies\and1@apmebf[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad.flux[3].txt

C:\Documents and Settings\And1\Cookies\and1@rambler[1].txt

C:\Documents and Settings\And1\Cookies\and1@counter.search[2].txt

C:\Documents and Settings\And1\Cookies\and1@adv.helikon[2].txt

C:\Documents and Settings\And1\Cookies\and1@burstnet[2].txt

C:\Documents and Settings\And1\Cookies\and1@web-stat[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.essex.enquiries.uk[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad2.doublepimp[2].txt

C:\Documents and Settings\And1\Cookies\and1@nl.sitestat[11].txt

C:\Documents and Settings\And1\Cookies\and1@uk.sitestat[3].txt

C:\Documents and Settings\And1\Cookies\and1@casalemedia[2].txt

C:\Documents and Settings\And1\Cookies\and1@wmmediacorp[1].txt

C:\Documents and Settings\And1\Cookies\and1@yadro[2].txt

C:\Documents and Settings\And1\Cookies\and1@rem.rezonmedia[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.pop[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.cartoonnetwork[2].txt

C:\Documents and Settings\And1\Cookies\and1@rotator.adjuggler[1].txt

C:\Documents and Settings\And1\Cookies\and1@gamesbannernet[1].txt

C:\Documents and Settings\And1\Cookies\and1@advertising[1].txt

C:\Documents and Settings\And1\Cookies\and1@ehg-eset.hitbox[2].txt

C:\Documents and Settings\And1\Cookies\and1@CA8PAPZX.txt

C:\Documents and Settings\And1\Cookies\and1@ads.blizzard[1].txt

C:\Documents and Settings\And1\Cookies\and1@atdmt[2].txt

C:\Documents and Settings\And1\Cookies\and1@xiti[1].txt

C:\Documents and Settings\And1\Cookies\and1@doubleclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@gametracker[3].txt

C:\Documents and Settings\And1\Cookies\and1@www.trafficholder[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.emailfinderpro[1].txt

C:\Documents and Settings\And1\Cookies\and1@adopt.specificclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@hotlog[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.mucunki[1].txt

C:\Documents and Settings\And1\Cookies\and1@statcounter[1].txt

C:\Documents and Settings\And1\Cookies\and1@interclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@grantfinder[2].txt

C:\Documents and Settings\And1\Cookies\and1@at.atwola[2].txt

C:\Documents and Settings\And1\Cookies\and1@questionmarket[1].txt

C:\Documents and Settings\And1\Cookies\and1@game-advertising-online[1].txt

C:\Documents and Settings\And1\Cookies\and1@rm.yieldmanager[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.bridgetrack[2].txt

C:\Documents and Settings\And1\Cookies\and1@imrworldwide[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[6].txt

C:\Documents and Settings\And1\Cookies\and1@serving-sys[2].txt

C:\Documents and Settings\And1\Cookies\and1@advert.technews[2].txt

C:\Documents and Settings\And1\Cookies\and1@CA7JZDEL.txt

C:\Documents and Settings\And1\Cookies\and1@bluestreak[2].txt

C:\Documents and Settings\And1\Cookies\and1@content.yieldmanager.edgesuite[2].txt

C:\Documents and Settings\And1\Cookies\and1@fulltraffic[1].txt

C:\Documents and Settings\And1\Cookies\and1@fastclick[1].txt

C:\Documents and Settings\And1\Cookies\and1@metacafe.122.2o7[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[7].txt

C:\Documents and Settings\And1\Cookies\and1@ads.pointroll[2].txt

C:\Documents and Settings\And1\Cookies\and1@1.sharkadnetwork[2].txt

C:\Documents and Settings\And1\Cookies\and1@mediaplex[1].txt

C:\Documents and Settings\And1\Cookies\and1@uk.sitestat[2].txt

C:\Documents and Settings\And1\Cookies\and1@list[1].txt

C:\Documents and Settings\And1\Cookies\and1@tripod[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad.httpool[1].txt

C:\Documents and Settings\And1\Cookies\and1@ehg-foxsports.hitbox[1].txt

C:\Documents and Settings\And1\Cookies\and1@clickaider[2].txt

C:\Documents and Settings\And1\Cookies\and1@bs.serving-sys[1].txt

C:\Documents and Settings\And1\Cookies\and1@specificmedia[2].txt

C:\Documents and Settings\And1\Cookies\and1@adserver.filefront[2].txt

C:\Documents and Settings\And1\Cookies\and1@googleadservices[1].txt

C:\Documents and Settings\And1\Cookies\and1@nielsen.112.2o7[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.adap[1].txt

C:\Documents and Settings\And1\Cookies\and1@server.iad.liveperson[1].txt

C:\Documents and Settings\And1\Cookies\and1@cgm.adbureau[3].txt

C:\Documents and Settings\And1\Cookies\and1@adbureau[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.gamesbannernet[2].txt

C:\Documents and Settings\And1\Cookies\and1@adtech[1].txt

C:\Documents and Settings\And1\Cookies\and1@hitbox[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.clickmanage[2].txt

C:\Documents and Settings\And1\Cookies\and1@imagevenue.advertserve[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[8].txt

C:\Documents and Settings\And1\Cookies\and1@content.yieldmanager[2].txt

C:\Documents and Settings\And1\Cookies\and1@content.yieldmanager[3].txt

C:\Documents and Settings\And1\Cookies\and1@emailfinderpro[2].txt

C:\Documents and Settings\And1\Cookies\and1@CATEC0JQ.txt

C:\Documents and Settings\And1\Cookies\and1@media.exchange[3].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[5].txt

C:\Documents and Settings\And1\Cookies\and1@stat.onestat[2].txt

C:\Documents and Settings\And1\Cookies\and1@CAVVGNLW.txt

C:\Documents and Settings\And1\Cookies\and1@web4.realtracker[1].txt

C:\Documents and Settings\And1\Cookies\and1@revenue[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.addfreestats[1].txt

C:\Documents and Settings\And1\Cookies\and1@tribalfusion[1].txt

C:\Documents and Settings\And1\Cookies\and1@teenchat[2].txt

C:\Documents and Settings\And1\Cookies\and1@statse.webtrendslive[1].txt

C:\Documents and Settings\And1\Cookies\and1@windowsmedia[2].txt

C:\Documents and Settings\And1\Cookies\and1@ehg-legonewyorkinc.hitbox[2].txt

C:\Documents and Settings\And1\Cookies\and1@2o7[1].txt

C:\Documents and Settings\And1\Cookies\and1@specificclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@adserver.adtechus[1].txt

C:\Documents and Settings\And1\Cookies\and1@server.cpmstar[1].txt

C:\Documents and Settings\And1\Cookies\and1@collective-media[2].txt

C:\Documents and Settings\And1\Cookies\and1@adopt.euroclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@incentaclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.incentaclick[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.kaldata[2].txt

C:\Documents and Settings\And1\Cookies\and1@clickaider[1].txt

C:\Documents and Settings\And1\Cookies\and1@gjacket.adbureau[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.realtechnetwork[2].txt

C:\Documents and Settings\And1\Cookies\and1@italianfriendfinder[2].txt

C:\Documents and Settings\And1\Cookies\and1@adv.gamerzhut[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.fresh[1].txt

C:\Documents and Settings\And1\Cookies\and1@adserver.filefront[1].txt

C:\Documents and Settings\And1\Cookies\and1@friendfinder[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[3].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.googleadservices[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.mobygames[1].txt

C:\Documents and Settings\And1\Cookies\and1@media.exchange[2].txt

C:\Documents and Settings\And1\Cookies\and1@chokertraffic[2].txt

C:\Documents and Settings\And1\Cookies\and1@adserver2.spele[2].txt

C:\Documents and Settings\And1\Cookies\and1@insightexpressai[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.cartoonnetwork[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.fpctraffic2[2].txt

C:\Documents and Settings\And1\Cookies\and1@media6degrees[1].txt

C:\Documents and Settings\And1\Cookies\and1@teenproblem[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.teenchat[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad.mp-gamer[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.teenproblem[1].txt

C:\Documents and Settings\And1\Cookies\and1@trafficshop[2].txt

C:\Documents and Settings\And1\Cookies\and1@ads.clicksor[2].txt

C:\Documents and Settings\And1\Cookies\and1@gametracker[2].txt

C:\Documents and Settings\And1\Cookies\and1@adultadworld[2].txt

C:\Documents and Settings\And1\Cookies\and1@toplist[3].txt

C:\Documents and Settings\And1\Cookies\and1@toplist[1].txt

C:\Documents and Settings\And1\Cookies\and1@adultfriendfinder[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad.yieldmanager[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad.orbitel[1].txt

C:\Documents and Settings\And1\Cookies\and1@zanox[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad.biscom[1].txt

C:\Documents and Settings\And1\Cookies\and1@account.live[1].txt

C:\Documents and Settings\And1\Cookies\and1@track.webtrekk[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad.flux[1].txt

C:\Documents and Settings\And1\Cookies\and1@ad2.bbmedia[2].txt

C:\Documents and Settings\And1\Cookies\and1@ad2.doublepimp[1].txt

C:\Documents and Settings\And1\Cookies\and1@adbrite[1].txt

C:\Documents and Settings\And1\Cookies\and1@adfarm1.adition[1].txt

C:\Documents and Settings\And1\Cookies\and1@adinterax[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.madisonavenue[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.ibox[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.icepique[1].txt

C:\Documents and Settings\And1\Cookies\and1@ads.revsci[1].txt

C:\Documents and Settings\And1\Cookies\and1@cgm.adbureau[1].txt

C:\Documents and Settings\And1\Cookies\and1@counter.search[1].txt

C:\Documents and Settings\And1\Cookies\and1@myroitracking[1].txt

C:\Documents and Settings\And1\Cookies\and1@prospect.adbureau[2].txt

C:\Documents and Settings\And1\Cookies\and1@revsci[1].txt

C:\Documents and Settings\And1\Cookies\and1@sitestats.ets[2].txt

C:\Documents and Settings\And1\Cookies\and1@stats.adbrite[1].txt

C:\Documents and Settings\And1\Cookies\and1@tacoda[2].txt

C:\Documents and Settings\And1\Cookies\and1@viacom.adbureau[2].txt

C:\Documents and Settings\And1\Cookies\and1@www.trafficholder[1].txt

C:\Documents and Settings\And1\Cookies\and1@www.trafficshops[2].txt

C:\Documents and Settings\gaby\Cookies\gaby@yadro[2].txt

[Night_Raven]

1. Не си обновил SUPERAntiSpyware.

2. Липсва лог от Malwarebytes' Anti-Malware.

Не разбирам как очакваш помощ, след като не изпълняваш инструкции.

[Blowy]

и двете са c Updated virus definitions! Другото иска purchase :]

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/18/2009 at 12:18 PM

 

Application Version : 4.25.1012

 

Core Rules Database Version : 3764

Trace Rules Database Version: 1725

 

Scan type : Complete Scan

Total Scan Time : 00:30:45

 

Memory items scanned : 423

Memory threats detected : 0

Registry items scanned : 5248

Registry threats detected : 0

File items scanned : 19394

File threats detected : 1

 

Adware.Tracking Cookie

C:\Documents and Settings\And1\Cookies\and1@counter.search[1].txt

 

 

------------------------

 

Malwarebytes' Anti-Malware 1.34

Database version: 1773

Windows 5.1.2600 Service Pack 2

 

18.2.2009 г. 12:12:11

mbam-log-2009-02-18 (12-12-11).txt

 

Scan type: Quick Scan

Objects scanned: 75896

Time elapsed: 9 minute(s), 21 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 10

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Documents and Settings\And1\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\And1\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

[Night_Raven]

Рестартирай системата и кажи дали проблемът е още налице.

 

P.S.: нито една от двете програми не изисква закупуване за обновяване или почистване.

[Blowy]

е, проблемът си стой

btw от вчера е

[Night_Raven]

Изтегли GMER. Разархивирай и стартирай програмата. Тя ще направи начално сканиране за секунди. След като то приключи НЕ кликай бутон Scan, а кликни бутон Copy и после пейстни съдържанието тук (Ctrl+V).

[Blowy]

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-18 13:03:54

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF75A85DC]

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF75B4120]

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 83B1A880

 

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

 

---- Modules - GMER 1.0.14 ----

 

Module _________ F750A000-F7522000 (98304 bytes)

 

---- EOF - GMER 1.0.14 ----

 

 

до вечерта

[Night_Raven]

Изтегли ESET SysInspector и:

1) стартирай я и изчакай да събере информацията;

2) меню File -> Save Log;

3) потвърди с Yes;

4) запази файла на удобно за теб място и го прикачи после към коментара си.