#1
My brother was using my computer to surf *ahem* porn, and ended up installing winspywareprotect. I was advised to use Rogue Remover, which didn't work, then a program called smithfraudfix, and that didn't work to get rid of it either. Anyhow, is there any way to get rid of this stuff? Thanks in advance.
#2
Follow the instructions and post the logs so we can see what is going on.
__________________
http://www.computer-juice.com/forums...476/ # post28109 My System: Hybr! D
#3
Malwarebytes' Anti-Malware 1.17
Database version: 849

1:37:11 6/12/2008
mbam-log-6-12-2008 (01-37-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 126833
Time elapsed: 1 hour(s), 8 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 13

Memory Processes Infected:
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ADSL Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\BAZA (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\obrisan (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\spremljene (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
D:\System Volume Information\_restore{F589447D-B319-40FA-9054-B0C4E6412CB0}\RP113\A0032499.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F589447D-B319-40FA-9054-B0C4E6412CB0}\RP113\A0032500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F589447D-B319-40FA-9054-B0C4E6412CB0}\RP153\A0061615.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611031509467.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611035820890.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611042934786.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611094417312.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611141303089.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611171519968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611184633875.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080611194625578.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080612002504703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
#4
CCleaner and Superantispyware report it as clean.
#5
A HijackThis log is still needed.
#6
Sorry about that, here goes:
#7
Everything looks fine, how is the PC now?
#8
It seems to be fine, apart from the fact that I need a new processor.
Thanks guys.
#9
Final steps.
Set a new restore point to prevent possible reinfection from the old one. Setting a new restore point AFTER cleaning your system will allow the computer to roll back to a clean working state if needed.
Use Secunia Software Inspector to check for out-of-date software. Outdated software has security vulnerabilities that malware can exploit.
Check out "Keeping Yourself Safe on the Web" for tips and free tools to keep you safe in the future. Also see "Computer Slow? It May Not Be Malware" for free cleaning/maintenance tools to help keep your computer running smoothly. Let us know if anything else comes up.