[hannyp]

Please help !!!!!

Mano kompiuteris neleidžia man eiti į Pridėti ar pašalinti programas, ji sako, ryšys denjė kaip aš neturiu institucijai ir susisiekite su sistemos administratoriumi, tai mano PC (laptop) ir tik aš ir mano vyras turi sąskaitas įsteigtas kompiuteris, bandžiau pagal savo sąskaitą ir sako tą patį. Kaip galėčiau gauti šį rūšiuoti?

Mes laikome šią žinią pasirodys "Windows Security perspėjimas, įspėjimas potencialių šnipinėjimo operacijos. Kaip aš galiu nutraukti šią atsiranda?

Ačiū
Hannah

[philthomas]

Jums gali būti geriau parašėte šio Virus, Spyware & Security forumas

[hannyp]

Temos sujungtos.

[evilfantasy]

Perkelta į virusų, šnipinėjimo ir saugumo forumas.

Pažiūrėkime iš HijackThis prašom.

Atsisiųsti HijackThis darbalaukyje.
Dukart spustelėkite failą, kurį ką tik atsisiųstų.
Paspauskite "Įdiegti"Mygtuką, norėdami nustatyti.
Tai bus pagal numatytąją diegimo Directory -- C: \ Program Files \ Trend Micro \ HijackThis
Please don't pakeisti numatytąją diegimo vietą.
Po install, HijackThis turėtų atverti jums.

Kitas spustelėkite "Ar sistema nuskaito ir išsaugokite failą " mygtuką.
HijackThis bus nuskaityti ir tada žurnale bus atidaryta Notepad.
Į viršų kairėje Notepad lange Failas > "Save As" pavadinimas tai HijackThis tada išsaugokite jį Desktop.
Prašome įrašyti kaip tekstas žurnale (. TXT) Failo arba. Žurnalas
Daryti NĖRA pridėti MS Word . DOC failai, jie negali būti vertinami!
Į savo pranešimą, pridėti Prisijungti su Attachment.
* Neturite HijackThis nustatyti kas dar. Daugiausia, ką ji mano bus nekenksmingas ir netgi būtinas.
** Nenaudokite panagrinėti šį mygtuką. Jis išvados yra pavojingi, jeigu neteisingai.

Vadovas pritvirtinti žurnaluose paštu

[hannyp]

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 7:42:43 dėl 11/25/2007
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
C: \ Program Files \ "Samsung \" Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ printer.exe
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Nokia \ Nokia EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Program Files \ Nokia \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Nokia \ Nokia Battery Manager \ BatteryManager.exe
C: \ Program Files \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Program Files \ Nokia \ DISPLAYMANAGER \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Nokia \ Nokia Atnaujinti Plus \ SLUTrayNotifier.exe
C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
F2 - REG: System.ini: shell = explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ GoogleToolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [SAS] C: \ Program Files \ Nokia \ Nokia EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Program Files \ Nokia \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Program Files \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Program Files \ Nokia \ Nokia Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DISPLAYMANAGER] C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / vartotojų
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / autorun
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; AD = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; AD = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Microsoft Rasti Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1
O8 - Extra kontekstinio meniu punktą: & D & ownload ir su BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra kontekstinio meniu punktą: & D & ownload visus vaizdo BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra kontekstinio meniu punktą: & D & ownload visus su BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
Ø20 - AppInit_DLLs: sulimo.dat
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatinė LIVEUPDATE Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
O23 - Service: B Recorder GOLD biblioteka Bendrosios paslaugos (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling tarnybos (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LIVEUPDATE - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus, Firewall Monitorius paslaugos (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Atnaujinti plius - Unknown owner - C: \ Program Files \ Nokia \ Nokia Atnaujinti Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking tarnybos (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Program Files \ "Samsung \" Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
--
End of file - 9608 bytes

Hope this helps?

[evilfantasy]

Jūs tikrai turi keletą labai nemalonių infekcijų.

1. Atsisiųsti Malwarebytes 'RogueRemover Laisvas
2. Dukart spustelėkite piktogramą, norėdami įdiegti RogueRemover ir paleiskite programą.
3. Spauda Check for Updates.
4. Tai parodys, jei yra naujesne versija bazėje. Spauda Atsisiųsti.
5. Grįžti į pagrindinį ekraną ir paspauskite Scan.
6. Jei ir kai infekcija nustatoma, pašalinti visus objektus, nustatyta,.

=====

Atsisiųskite, įdiekite ir atnaujinkite Superantispyware (SAS) Don't run tai dar.

SUPERAntispyware Free Edition

=====
Jei norite, galite atsispausdinti arba nukopijuoti ir įklijuoti į instrukcijas poilsio ir įrašykite juos į teksto dokumentą darbalaukyje. Jūs negalite matyti juos iš Safe Mode.

Paleiskite "Safe Mode

* Iš naujo paleiskite kompiuterį.
* Jei norite pamatyti juodai-balta Starting Windows juostoje ekrano apačioje, pradėti sriegikliai F8 raktas.
* Jei norite patekti į boot meniu, naudokite rodyklių klavišus pasirinkite Safe Mode
* Tada paspauskite Registracija.
* Kompiuteris paleidžiamas iš naujo imu.

=====

Atidaryti HijackThis ir pasirinkite "Ar sistema nuskaito tik"

Vieta žymės langelį: (jei rasta)

F2 - REG: System.ini: shell = explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; AD = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; AD = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1

Dabar paspauskite mygtuką "Fix checked"

Išeitis HijackThis

=====

Dabar konfigūruoti ir paleisti SUPERAntiSpyware imu.

* Pagal Konfigūracija ir nustatymaiPaspauskite Parinktys mygtuką.
* Paspauskite Skenavimo Control tab.
* Pagal Skeneris Funkcijos Įsitikinkite, kad taip būtų tikrinami:
+ Uždaryti naršyklių iki nuskaitymo
+ Scan sekimo slapukų
+ Nutraukti atminties grėsmių iki karantino.
+ Prašome palikti kitiems nepatikrintas.
+ Spauskite Uždaryti mygtuką, norėdami išeiti kontrolės centras ekrane.
* Nuo pagrindinio ekrano, pagal Nuskaityti Kenksminga programinė įranga Spauskite Skanuoti kompiuterį.
* Kairėje patikrinti C: \ Fixed Drive.
* Dešinėje pagal Visiškas nuskaitymasPasirinkite Atlikti Complete Scan.
* Paspauskite Kitas pradėti nuskaityti. Būkite kantrūs, kol ji nuskaito jūsų kompiuterį.
* Po nuskaitymo pilnas santrauka langelyje pasirodys. Spauskite Gerai.
* Įsitikinkite, kad viskas balta lauke turi patikrinti, šalia, tada Kitas.
* Jis bus karantine, ką ji rado ir jei jis prašo, jei norite iš naujo paleisti kompiuterį, spustelėkite Taip.
* Norėdami gauti pašalinus informacija atlikite šiuos veiksmus:
+ Po perkrovimo, dukart spustelėkite SUPERAntiSpyware piktogramą darbalaukyje.
+ Spauskite Parinktys. Spauskite Statistika / Įrašai tab.
+ Pagal Skeneris Įrašai, dukart spustelėkite SUPERAntiSpyware Scan Prisijungti.
+ Tai atidarys jūsų numatytąjį teksto redaktoriumi (pavyzdžiui, Notepad / Wordpad).
+ Išsaugoti Notepad failą darbalaukyje, spustelėkite (Notepad)Failas"Save As"
* Išsaugoti Prisijungti kažkur galite lengvai jį rasti. (paprastai Desktop)
* Spustelėkite Uždaryti, uždaryti ir vėl išeiti programą.
* Prašome įrašyti Prisijungti su areštas kartu su nauja HijackThis į šį pranešimą.

=====

Sekantis pridėkite kaip priedą
SUPERAntiSpyware Prisijungti
Naujas HijackThis

[hannyp]

Tai SuperAntiSpyware rezultatai:

SUPERAntiSpyware Scan Prisijungti
http://www.superantispyware.com
At 08:56 11/26/2007 Generated AM
Application Version: 3.9.1008
Core Taisyklės Database Versija: 3.259
Sekti Taisyklės duomenų bazė Versija: 1.270
Scan Type: Quick Scan
Iš viso nuskaitymo laikas: 00:09:24
Atminties elementai nuskaityta: 564
Atminties grėsmių detected: 0
Registro objektų nuskaityta: 720
Registras grėsmių detected: 0
Failo elementai nuskaityta: 8656
Failo grėsmių aptikta: 84
Adware.Tracking Cookie
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@archant.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfmigoajiko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4widpifo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Overture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wflokpczkbq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.errclean [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.associatedconte NT [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070878818 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ DoubleClick "[1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ burstnet [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmywjdjokp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ atdmt [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ roiservice [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@122.2o7 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ apmebf [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyehcjkdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wblogncpagp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ indextools [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgmyagajsdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@phillyburbscom.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1069870899 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ serving-sys [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ questionmarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4cpcjshq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1057062368 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ AdServer [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Haymarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyalcpcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [3]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ehg-autotrader.hitbox [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ revsci [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wckigncpmfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ whatcar [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjkoejdjmgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.webdiversi ty.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wglyuiazacp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ TradeDoubler "[1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ pistonheads [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgl4qic5mlp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Next [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6whkiaodzcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ hitbox [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@haynet.adbureau [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliujajshp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066670941 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgliglc5aco.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@h.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgkiohcpmgo.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfkysjazkgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@amazonms.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Bluestreak [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliemdzahq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1071238990 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070144314 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlycmajsfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ reklamos [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066767647 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@media.adrevolver [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adtech [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyqgd5ido.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tacoda [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.summitmedi a.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmikjczihq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstnet [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ StatCounter [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@try.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@statse.webtrendsliv E [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Clickbank [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wbliskcjibo.stats.esomniture [2]. Txt


Ir čia yra HijackThis:

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 9:02:38 dėl 11/26/2007
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Program Files \ "Samsung \" Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Nokia \ Nokia EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Program Files \ Nokia \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Nokia \ Nokia Battery Manager \ BatteryManager.exe
C: \ Program Files \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Program Files \ Nokia \ DISPLAYMANAGER \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ Nokia \ Nokia Atnaujinti Plus \ SLUTrayNotifier.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ GoogleToolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [SAS] C: \ Program Files \ Nokia \ Nokia EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Program Files \ Nokia \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Program Files \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Program Files \ Nokia \ Nokia Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DISPLAYMANAGER] C: \ Program Files \ Nokia \ DISPLAYMANAGER \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / vartotojų
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / autorun
O4 - HKLM \ .. \ Run: [Easy SpyRemover] C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe / smart
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Microsoft Rasti Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra kontekstinio meniu punktą: & D & ownload ir su BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra kontekstinio meniu punktą: & D & ownload visus vaizdo BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra kontekstinio meniu punktą: & D & ownload visus su BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
Ø20 - AppInit_DLLs: sulimo.dat
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatinė LIVEUPDATE Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
O23 - Service: B Recorder GOLD biblioteka Bendrosios paslaugos (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling tarnybos (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LIVEUPDATE - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus, Firewall Monitorius paslaugos (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Atnaujinti plius - Unknown owner - C: \ Program Files \ Nokia \ Nokia Atnaujinti Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking tarnybos (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Program Files \ "Samsung \" Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
--
End of file - 9.092 baitų

Didžiosios priemonių laikytis, net man pavyko jį.

Ačiū, whats Next?

[evilfantasy]

Ar galite pridėti / šalinti programas?

Jei taip ten ir ieškoti ir pašalinti Rytų Spy Remover.

[hannyp]

Ne, aš vis dar atsiranda įspėjimas, kuriame rašoma:
"Ši operacija buvo panaikinta dėl apribojimų poveikį šiame kompiuteryje, kreipkitės į sistemos administator".

[MJM]

Įkėlimo į saugų režimą.

Perkraukite kompiuterį ir laikykite pataikyti F8. Turėtumėte gauti meniu. Pasirinkite viską (Safe Mode). Renkantis sąskaitų būtinai paimti administratoriaus sąskaitą.
Grįžti į Add / Remove Programs. Jis turėtų veikti. Kitu atveju bandykite žudymo procesą (kuris gali ar negali būti vadinamas "EasySpyRemover.exe" ar panašiai). Bandykite prisijungti prie Add / Remove kartą.