[hannyp]

Prosím pomôžte !!!!!

Môj počítač nedovolí, abych šel do pridať alebo odstrániť programy, hovorí, že prístup deniery ako nemám orgánu a obráťte sa na správcu systému, to je môj počítač (laptop) a len ja a môj manžel má účtov zriadených na počítač, som sa pokúsil v rámci svojho účtu, a hovorí to isté. Ako môžem získať tento Zoradené?

Sme neustále túto správu objaví na Windows bezpečnostné varovanie, varovanie potenciálny spyware prevádzky. Ako môžem zabrániť objavuje?

Vďaka
Hannah

[philthomas]

Tie môžu byť lepšie vysielania v tomto Virus, spyware a bezpečnosť fórum

[hannyp]

Závity sloučeny.

[evilfantasy]

Premiestnená do vírus, spyware a bezpečnosť fóre.

Dovoľte nám navštíviť log z HijackThis, prosím.

Stiahnuť HijackThis do počítača.
Double-kliknite na súbor, ktorý ste práve prevzali.
Kliknite na "Inštalácia"Tlačidlo nainštalovať.
Bude implicitne nainštaluje do adresára -- C: \ Program Files \ Trend Micro \ HijackThis
Prosím, nemeňte predvolenú inštaláciu umiestnenie.
Po inštalácii, HijackThis mala otvoriť pre vás.

Ďalej kliknite na "Do systému kontroly a uložiť log súbor " tlačidlo.
HijackThis bude skenovať a potom prihlásiť sa otvorí v programe Poznámkový blok.
V ľavom hornom rohu okna kliknite notepad "Súbor" > "Uložiť ako" názov hijackthis a uložte ho do Desktop.
Prosím uložte ako textový log (. Txt) Alebo súboru. Log
Robiť NIE attach MS-Word . DOC súbory nebudú pozerať!
Za svoj príspevok, pridajte sa prihlásiť ako Prílohu.
* Nemáte Hijackthis opraviť niečo. Väčšina toho, čo zistí, bude neškodné alebo dokonca nevyhnutné.
** Nepoužívajte Analyse Toto tlačidlo. Jeho závery sú nebezpečné, keď nesprávne vyložil.

Sprievodca pre prichytenie prihlási na pracovné miesto

[hannyp]

Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 7:42:43 PM na 11.25.2007
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny
Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
C: \ Program Files \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ printer.exe
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Program Files \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Samsung \ Samsung Batérie Manager \ BatteryManager.exe
C: \ Program Files \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Program Files \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Program Files \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe
C: \ Program Files \ Messenger \ Msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqSTE08.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-oneskoriť
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [EDS] C: \ Program Files \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Program Files \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Program Files \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix technológie Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Program Files \ Samsung \ Samsung Batérie Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Program Files \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Program Files \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / spotrebiteľov
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AutoRun
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ Msmsgs.exe" / pozadia
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Predvolené užívateľ')
O4 - spustenie: Microsoft Nájsť Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - spustenie: Úrad Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
O4 - spustenie: system.exe
O4 - Global spustení: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global spustení: autorun.exe
O4 - Global spustení: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global spustení: Exif Launcher 2.lnk =?
O4 - Global spustení: HP Digital Zobrazovacie Monitor.lnk = C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqtra08.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Politická icies \ System, DisableRegedit = 1
O8 - Extra kontextového menu položku: & D & ownload & s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra kontextového menu položku: & D & ownload všetky videá s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra kontextového menu položku: & D & ownload všetko s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): nameserver = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Plánovač automatické LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B Rekordér GOLD Lesser General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Heslo Validácia (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc značenia Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Neuchovávajte Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Neznámy vlastník - C: \ Program Files \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec sieť Ovládače Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Neznámy vlastník - C: \ Program Files \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
Koniec súboru - 9608 bytes

Dúfam, že to pomôže?

[evilfantasy]

Ty určite mať niektoré veľmi škaredé infekcie.

1. Stiahnuť Malwarebytes' RogueRemover Voľný
2. Dvojitým kliknutím na ikonu RogueRemover nainštalovať a spustiť program.
3. Tlač Vyhľadať aktualizácie.
4. To vám ukáže, či existuje novšia verzia databázy. Tlač Na stiahnutie.
5. Vráťte sa späť na hlavnú obrazovku a stlačte Scan.
6. Či a kedy sa infekcia zistí, odstráni všetky objekty zistilo.

=====

Stiahnutie, inštalácia a aktualizácia SuperAntiSpyware (SAS) Nie sú v rozpore tejto doteraz.

SuperAntiSpyware Free Edition

=====
Možno budete chcieť vytlačiť alebo skopírovať a vložiť zvyšku návode a ukladať ich do textového dokumentu do počítača. Nebudete mať možnosť vidieť od núdzovom režime.

Reštartovať v núdzovom režime

* Reštartujte počítač.
* Keď vidíte, čierna-a-biela Počnúc Windows bar v dolnej časti obrazovky, spustite kliknutím na F8 kľúč.
* Keď sa dostanete do boot menu, použite klávesy so šípkami vyberte Núdzový režim
* Potom Tlač Vstup.
* K reštartovanie počítača v núdzovom režime.

=====

HijackThis Otvoriť a vyberte možnosť "Do systému scan only"

Umiestnite zatržítko vedľa: (ak nájdených)

F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - spustenie: system.exe
O4 - Global spustení: autorun.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Politická icies \ System, DisableRegedit = 1

Teraz kliknite na tlačidlo "Opraviť kontrolované"

Koniec HijackThis

=====

Teraz SuperAntiSpyware nakonfigurovať a spustiť v núdzovom režime.

* V Konfigurácia a nastavenia, Kliknite na Preference tlačidlo.
* Kliknite na Skenovanie kontrolu tab.
* V Možnosti skenera uistite sa, že tieto sú kontrolované:
+ Zavrieť prehliadacov pred skenovanie
+ Scan pre monitorovanie cookies
+ Ukončiť pamäte pred hrozbami karantény.
+ Prosím, nechajte ostatné slepé.
+ Kliknite na Zavrieť Tlačidlo opustiť kontrolné centrum obrazovke.
* Na hlavnej obrazovke pod Vyhľadávať Škodlivý softvér kliknite Prehledávať počítač.
* Na ľavej check C: \ Pevný disk.
* Na pravej podľa Kompletné Scan, Vyberte Vykoná Kompletné Scan.
* Kliknite Příští pre spustenie skenovania. Buďte trpezliví a zároveň ho prehľadáva počítač.
* Po skenovanie je kompletný súhrn okno sa. Kliknite OK.
* Uistite sa, že všetko v bielom rámčeku má kontrolovať vedľa nej, potom kliknite na Příští.
* Bude karantény, čo zistil, a ak sa opýta, či chcete reštartovať, kliknite na tlačidlo Áno.
* Pre načtení odstránenie informácií prosím nasledujúce:
+ Po reštarte double-click na SuperAntiSpyware ikony na ploche.
+ Zobraz Preference. Kliknite na Štatistiky / Záznamy tab.
+ Podľa Scanner Protokolovací double-click SuperAntiSpyware Scan Log.
+ Bude otvorený v predvolenom textovom editore (napríklad Poznámkový blok / WordPad).
+ Notepad Uložte súbor do počítača kliknutím (v notepadu) "Súbor""Save As"
* Uložte si niekam prihlásiť, aby ste mohli ľahko nájsť. (normálně na ploche)
* Kliknutím zatvorte a opäť zavrite a ukončite program.
* Prosím, pridajte prihlásiť ako připojovací spolu s novým HijackThis log v ďalšom post.

=====

Ďalšie Doručovací prosím pridávať ako prílohy
SuperAntiSpyware log
Nový HijackThis log

[hannyp]

To je SuperAntiSpyware Výsledky:

SuperAntiSpyware Scan Prihlásenie
http://www.superantispyware.com
Generated 11.26.2007 v 08:56
Verzia aplikácie: 3.9.1008
Pravidlá databázy Core Version: 3259
Stopový Pravidlá databázy Version: 1270
Vyhľadávať typ: Quick Scan
Celkom Scan Time: 00:09:24
Memory položiek testovány: 564
Memory ohrozenia odhalené: 0
Položky databázy Registry skenovaná: 720
Registre ohrozenia odhalené: 0
Súbor položiek skenovaná: 8656
Súbor zistených ohrozenia: 84
Adware.Tracking Cookie
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@archant.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfmigoajiko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4widpifo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ predohra [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wflokpczkbq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.errclean [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.associatedconte nt [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070878818 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ burstnet [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmywjdjokp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ atdmt [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ roiservice [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@122.2o7 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ apmebf [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyehcjkdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wblogncpagp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ mediaplex [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ indextools [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgmyagajsdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@phillyburbscom.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1069870899 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ slúžiace sys-[1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ questionmarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4cpcjshq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1057062368 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adserver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Haymarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyalcpcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [3]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ehg-autotrader.hitbox [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ revsci [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ a [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wckigncpmfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ whatcar [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjkoejdjmgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.webdiversi ty.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wglyuiazacp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ pistonheads [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgl4qic5mlp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ @ Hannah Ďalšie [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6whkiaodzcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ hitbox [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@haynet.adbureau [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliujajshp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066670941 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgliglc5aco.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@h.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgkiohcpmgo.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfkysjazkgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@amazonms.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ bluestreak [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliemdzahq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1071238990 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070144314 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlycmajsfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ reklamy [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066767647 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@media.adrevolver [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Adtech [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyqgd5ido.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tacoda [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.summitmedi a.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmikjczihq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstnet [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ statcounter [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@try.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ clickbank [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wbliskcjibo.stats.esomniture [2]. Txt


A tu je HiJackThis Prihlásenie:

Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 9:02:38 PM na 11.26.2007
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny
Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Program Files \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Program Files \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Samsung \ Samsung Batérie Manager \ BatteryManager.exe
C: \ Program Files \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Program Files \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Program Files \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Messenger \ Msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqSTE08.exe
C: \ Program Files \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-oneskoriť
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [EDS] C: \ Program Files \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Program Files \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Program Files \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix technológie Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Program Files \ Samsung \ Samsung Batérie Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Program Files \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Program Files \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / spotrebiteľov
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AutoRun
O4 - HKLM \ .. \ Run: [Easy SpyRemover] C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe / chytrý
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ Msmsgs.exe" / pozadia
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [SuperAntiSpyware] C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Predvolené užívateľ')
O4 - spustenie: Microsoft Nájsť Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - spustenie: Úrad Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
O4 - Global spustení: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global spustení: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global spustení: Exif Launcher 2.lnk =?
O4 - Global spustení: HP Digital Zobrazovacie Monitor.lnk = C: \ Program Files \ HP \ Digital Zobrazovacie \ bin \ hpqtra08.exe
O8 - Extra kontextového menu položku: & D & ownload & s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra kontextového menu položku: & D & ownload všetky videá s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra kontextového menu položku: & D & ownload všetko s BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): nameserver = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Plánovač automatické LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B Rekordér GOLD Lesser General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Heslo Validácia (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc značenia Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Neuchovávajte Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ IWP \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Neznámy vlastník - C: \ Program Files \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec sieť Ovládače Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Neznámy vlastník - C: \ Program Files \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
Koniec súboru - 9092 bytes

Veľká kroky sledovať, dokonca sa mi podarilo ju.

Vďaka, co dál??

[evilfantasy]

Dostanete sa na Pridať / Odobrať programy teraz?

Ak tomu tak je tam ísť a hľadať a odinštalovať East Spy odstraňovač.

[hannyp]

Nie, ešte som vám zobrazí upozornenie, ktoré znie:
'Táto operácia bola zrušená z dôvodu obmedzení vplyvu na tomto počítači, obráťte sa na váš systém Administátori'.

[MJM]

Zaviesť do núdzového režimu.

Reštartujte počítač a udržiavať zasahujúcu F8. Tie by mali dostať ponuku. Vyberte si čo najviac (núdzový režim). Pri výbere účtov nezabudnite vyzdvihnúť administrátorského konta.
Choďte do Pridať / Odstrániť programy. Malo by fungovat. Inak skúste zabitie procesu (ktorá môže alebo nemusí byť nazývaný "EasySpyRemover.exe" alebo podobný). Skúste prístupu pridať / odobrať znova.