[euphotix]

tāpēc es lejupielādēt winzix. yah im mēms es zinu tagad. bet es noņem to un izdarīja dažas vīrusu skenēšanu. lieto AVG un pēc tam McAfee. bet i got 2 iexplorers atvērts mans Windows Task manager. un kad es aizvērtu vai do end process tree, MATHA ~ 1.exe vai RECTBO ~ 1.exe paver tikai otrais un reopens iexplorers. un tad viņi tuvu. soo yah Nezinu ko darīt. bet redzu daudz ppl saku izmantot ļaunprātīgi to. soo heres my nolaupīt šo žurnālu. any help būtu soo appreciated

Logfile of HijackThis v1.99.1
Scan saglabāts 1:04:01 gada 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
c: \ PROGRA ~ 1 \ mcafee.com \ aģents \ mcagent.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ Creative \ MediaSource \ lapas \ CTCMSGo.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ OpenOffice.org 2,3 \ program \ soffice.exe
C: \ Program Files \ OpenOffice.org 2,3 \ program \ soffice.BIN
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7.241-4E79-B68D-6309F01C5231) - C: \ Program Files \ McAfee \ VirusScan \ scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [saliekt logo pulksteni filma] C: \ Documents and Settings \ All Users \ Application Data \ Frag Great Bend logo \ četras tick.exe
O4 - HKCU \ .. \ Run: [trustlive] C: \ DOCUME ~ 1 \ DANIEL ~ 1 \ Applic ~ 1 \ RECTLO ~ 1 \ Math Mags.exe
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Creative MediaSource Go] C: \ Program Files \ Creative \ MediaSource \ lapas \ CTCMSGo.exe / SYS
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C: \ Program Files \ OpenOffice.org 2,3 \ program \ quickstart.exe
Ø8 - ārpus konteksta menu item: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmsearch.html
Ø8 - ārpus konteksta izvēlnes vienums: Atpakaļsaites - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmbacklinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Cached Snapshot Page - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmcache.html
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta izvēlnes vienums: Līdzīgas lapas - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmsimilar.html
Ø8 - ārpus konteksta izvēlnes vienums: Tulko angļu valodā - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmtrans.html
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: UltimateBet - (94148DB5-B42D-4.915-95DA-2CBB4F7095BF) - C: \ Program Files \ UltimateBet \ UltimateBet.exe
Ø9 - Extra 'Tools' MENUITEM: UltimateBet - (94148DB5-B42D-4.915-95DA-2CBB4F7095BF) - C: \ Program Files \ UltimateBet \ UltimateBet.exe
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ YPager.exe
Ø9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ YPager.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø11 - grupā Opcijas: [INTERNATIONAL] International *
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe (file missing)
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Aģents (McNASvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time skeneris (McShield) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe

[evilfantasy]

Welcome to TCF.

Ļauj redzēt, ja mēs varam izārstēt šo.

Lūdzu, lejupielādējiet OTMoveIt2 ar oldtimer OTMoveIt2.exe un saglabājiet to savā datorā. Nelietojiet to vēl.

---------------

Open HijackThis un izvēlieties Vai sistēmas skenēšanu tikai tad vieta atzīmi blakus:

O4 - HKLM \ .. \ Run: [saliekt logo pulksteni filma] C: \ Documents and Settings \ All Users \ Application Data \ Frag Great Bend logo \ četras tick.exe
O4 - HKCU \ .. \ Run: [trustlive] C: \ DOCUME ~ 1 \ DANIEL ~ 1 \ Applic ~ 1 \ RECTLO ~ 1 \ Math Mags.exe

Aizveriet visus logus, izņemot HijackThis un noklikšķiniet uz Fix pārbaudīja

Iziet HijackThis.

---------------

Dubultklikšķis OTMoveIt2.exe to uzsākt.

Esi pārliecināts, ka tur ir atzīme blakus Unregister dll's un OCX's

• Kopēt divas lietas ceļus zem starpliktuvē uzsverot ALL no tiem.
• Tad labo pogu un izvēlieties kopiju.

C: \ Documents and Settings \ All Users \ Application Data \ Frag Great Bend logo \ četras tick.exe
C: \ DOCUME ~ 1 \ DANIEL ~ 1 \ Applic ~ 1 \ RECTLO ~ 1 \ Math Mags.exe

• Atgriezties OTMoveIt labo klikšķi Ielīmēt saraksts failus / mapes pārvietot logu un izvēlēties Ielīmēt.
• Click sarkans MoveIt! pogu.
• Saraksts tiks apstrādāti un rezultāti parādīsies labajā rūtī.
• Kopēt visu, uz rezultātu logā uz starpliktuvi uzsverot ALL no tiem.
• Tad labo pogu un izvēlieties kopiju un ielīmējiet to savā nākamajā atbildi.
• Kad pabeigta, noklikšķiniet Iziet lai izietu no programmas.
• Lūdzu, ieejiet savā nākamajā atbildi.

• Ja faila vai mapes nevar pārvietot uzreiz, Jūs var lūgt atsāknēšana mašīna pabeigt pārvietoties procesu. Ja tiek prasīts atsāknēšana mašīna, izvēlēties Jā.

• Ja reboot bija nepieciešams, vai arī jums nepieciešams, lai izietu Pirms ievietot žurnālā, atradīsiet kopiju žurnāla pie saknes disks, kurā OTMoveIt ir uzstādīts, parasti: C: \ _OTMoveIt \ MovedFiles \ ********_******. log
• (ja "********_******" ir "date_time")

Click Iziet aizvērt OTMoveIt.

---------------

Next post lūdzu, pievienojiet OTMoveIt log

[Axegrinder]

Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll

Vai jūsu Windows geniune?

Edit: Evilfantasy pārspēt mani arī tā

[euphotix]

Yay!! im diezgan pārliecināts, ka tas strādā. thanks daudz, bet es esmu mazliet nesakārtots, ko neizdevās pārvietot failu.

File pārvietot neizdevās. C: \ Documents and Settings \ All Users \ Application Data \ Frag Great Bend logo \ četras tick.exe paredzēts pārvietot uz reboot.
C: \ DOCUME ~ 1 \ DANIEL ~ 1 \ Applic ~ 1 \ RECTLO ~ 1 \ Math Mags.exe pārvietots veiksmīgi.

OTMoveIt2 v1.0.7 log izveidota 01162008_145132

EDIT: Im diezgan pārliecināts, ka mana Windows ir autentiska, i got my comp pasūtījuma izgatavotu dažus gadus atpakaļ

[evilfantasy]

Did you reboot?


Mums joprojām ir nepieciešams veikt dažas vairāk. Parasti infekcijas skartajām teritorijām, kas parāda ir tikai galu problēmu. Ļauj pārliecināties, viss ir pagājis.

Lejupielādēt SUPERAntispyware Free Edition (SAS)

• Veiciet dubultklikšķi uz ikonas uz darbvirsmas, lai palaistu uzstādītājam.
• Kad mums jautā, Atjaunot programma definīcijas, noklikšķiniet uz Jā
• Next klikšķi Preferences pogu.
• Click Scanning Control tab.
• Zem Skeneris Options pārliecināties tikai šādas pārbaudes:
  • Aizveriet pārlūkprogrammu pirms skanēšanas
  • Scan izsekošanai cookies
  • Pārtraukt atmiņa draudiem pirms quarantining
  • Lūdzu atstājiet citiem nekontrolētu.
  • Noklikšķiniet uz pogas Aizvērt atstāt kontroles centrs ekrānu.
• Click Aizvērt poga atstāt kontroles centrs ekrānu.
• Uz galvenā ekrāna klikšķi Skenēt datoru
• Par kreisi pārbaude C: \ Fiksētie Drive
• Par tiesībām izvēlēties Veikt Complete Scan
• Click Nākamais , lai sāktu skenēšanu. Lūdzu, esiet pacietīgi kamēr skenē datoru.
• Pēc skenēšanas pabeigšanas kopsavilkums lodziņā parādīsies. Click OK
• Pārliecinieties, ka viss baltā kaste ir pārbaude tam blakus, tad noklikšķiniet uz Nākamais
• Tas karantīnas ko tā konstatējusi, un, ja tā jautā, vai vēlaties reboot, noklikšķiniet uz Jā
• Lai ielādētu pārcelšanās informāciju, lūdzu, rīkojieties šādi:
  • Pēc reboot, veiciet dubultklikšķi uz SUPERAntiSpyware ikonas uz darbvirsmas.
  • Click Preferences. Click Statistika / Logs tab.
  • Saskaņā Scanner Baļķi, veiciet dubultklikšķi uz SUPERAntiSpyware Scan Žurnālā.
  • Tā tiks atvērta noklusējuma teksta redaktoru (piemēram, Notepad / Wordpad).
  • Saglabāt notepad failu darbvirsmā noklikšķinot uz (iekš Notepad) "Fails""Save As"
• Saglabāt log kaut kur var viegli atrast. (parasti desktop)
• Noklikšķiniet uz Aizvērt un gandrīz no jauna, lai izietu no programmas.
• Lūdzu nokopējiet un ielīmējiet log in your post.

---------------

Palaist jaunu HijackThis skenēšanas un pēc šo žurnālu arī.

---------------

Next post
SuperAntispyware log
New HijackThis log

[euphotix]

hey hey, piedodiet man bija tik ilgi. Man bija strādāt uzreiz pēc mana pēdējā post.

bet heres apaļkoku!!

Nolaupīt tas log

Logfile of HijackThis v1.99.1
Scan saglabāts 3:26:25 gada 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
c: \ PROGRA ~ 1 \ mcafee.com \ aģents \ mcagent.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Creative \ MediaSource \ lapas \ CTCMSGo.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ OpenOffice.org 2,3 \ program \ soffice.exe
C: \ Program Files \ OpenOffice.org 2,3 \ program \ soffice.BIN
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ BitComet \ BitComet.exe
C: \ Program Files \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7.241-4E79-B68D-6309F01C5231) - C: \ Program Files \ McAfee \ VirusScan \ scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Creative MediaSource Go] C: \ Program Files \ Creative \ MediaSource \ lapas \ CTCMSGo.exe / SYS
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C: \ Program Files \ OpenOffice.org 2,3 \ program \ quickstart.exe
Ø8 - ārpus konteksta menu item: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmsearch.html
Ø8 - ārpus konteksta izvēlnes vienums: Atpakaļsaites - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmbacklinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Cached Snapshot Page - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmcache.html
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta izvēlnes vienums: Līdzīgas lapas - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmsimilar.html
Ø8 - ārpus konteksta izvēlnes vienums: Tulko angļu valodā - res: / / C: \ Program Files \ Google \ GoogleToolbar2.dll/cmtrans.html
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: UltimateBet - (94148DB5-B42D-4.915-95DA-2CBB4F7095BF) - C: \ Program Files \ UltimateBet \ UltimateBet.exe
Ø9 - Extra 'Tools' MENUITEM: UltimateBet - (94148DB5-B42D-4.915-95DA-2CBB4F7095BF) - C: \ Program Files \ UltimateBet \ UltimateBet.exe
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ YPager.exe
Ø9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ YPager.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø11 - grupā Opcijas: [INTERNATIONAL] International *
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe (file missing)
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Aģents (McNASvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time skeneris (McShield) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe

un heres my SUPERspyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/17/2008 at 03:11

Application Version: 3.9.1008

Core Noteikumi Database Version: 3.381
Trace Noteikumi Database Version: 1375

Scan type: Complete Scan
Kopā Scan Time: 04:41:27

Atmiņas vienības skenēts: 544
Memory draudiem detected: 0
Reģistra vienības skenēts: 5.928
Reģistrs draudiem detected: 0
File preces skenēts: 173.662
File draudiem detected: 71

Adware.Tracking Cookie
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@www.findagrave [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ clicksor [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight@ontarget.122.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ eyewonder [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight @ partypoker [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ TOPlist [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@highbeam.122.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@counter.inkfrog [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@community.finditquick [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight@eas.apm.emediate [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ atwola [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ads.adengage [3]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight@ads.vlaze [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ads.str8up [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ uvertīra [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight @ tacoda [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ pitchforkmedia [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight @ azjmp [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@try.starware [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ adinterax [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@nhl.112.2o7 [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ylwbook.findlinks [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@www.epilot [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@mcclatchy.112.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@servedby.adorigin [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@roi.admarketplace [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ adcentriconline [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ads.tnt [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight @ 2o7 [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ clicktorrent [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@richmedia.yahoo [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ html [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ findagrave [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ adorigin [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel_knight@partygaming.122.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ WindowsMedia [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@2.go.globaladsales [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ 2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ adinterax [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ads.adengage [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@ads.realtechnetwork [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@bridge.admarketplace [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@buzznet.112.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ cpvfeed [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ Brivi.lv Piedāvājumi [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ palielināt [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@h.starware [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ interclick [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ localhelpfinder [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@nhl.112.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ optimost [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ partypoker [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@publishers.clickbooth [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ smileycentral [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ tacoda [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@tremor.adbureau [2]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@waterfrontmedia.112.2o7 [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@www.dealtime [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@www.geeksfind [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel knight@www.popundersupply [1]. Txt
C: \ Documents and Settings \ Daniel Knight \ Cookies \ daniel bruņinieks @ xiti [1]. Txt

Adware.Search2Find
C: \ SYSTEM apjoma informācija \ _RESTORE (9ABC731F-C847-4CA4-821A-E6D2ED1D4D39) \ RP565 \ A0305240.EXE

Trojan.Downloader-ConHook
C: \ WINDOWS \ SYSTEM32 \ DDAYA.EXE

Trojan.Downloader-Gen/BigTkt
C: \ WINDOWS \ SYSTEM32 \ DRVSIPR.DLL

Adware.Vundo Variants / Rel
C: \ WINDOWS \ SYSTEM32 \ TSTWA.BAK1

Adware.Lop
C: \ _OTMOVEIT \ MOVEDFILES \ 01162008_145132 \ Documents and Settings \ All Users \ Application Data \ Frag GREAT BEND LOGO \ FOUR TICK.EXE

[evilfantasy]

Logs izskatās naudas tagad. Kā datorā?


Laiks darīt kādu tīrīšana un drošu darbu, jums ir darīts.

• Click START tad RUN
• Tagad tips Combofix / u in runbox
• Pārliecinieties, ka tur starp Combofix un telpas / u
• Tad hit Enter.

• Iepriekš minēto procedūru paredz:
• Dzēst tekstu:
• ComboFix un ar to saistītos failus un mapes.
• Reset pulksteņa uzstādījumus.
• Paslēpt failu paplašinājumus, ja nepieciešams.
• Paslēpt System / Hidden failus, ja nepieciešams.
• Uzstādīt jaunu, tīru Restore Point.

Let's izputināt programmas, mēs esam izmantojuši, lai attīrītu datoru, tie nav piemēroti
vispārējā malware atcelšana var radīt kaitējumu, ja sākusi nejauši.

Lūdzu, lejupielādējiet OTMoveIt2 ar oldtimer OTMoveIt2.exe un novietojiet to uz darbvirsmas.

1. Dubultklikšķis OTMoveIt2.exe to uzsākt.
2. Noklikšķiniet uz Cleanup! pogu.
3. OTMoveIt2 lejupielādēt sarakstu no interneta, ja jūsu ugunsmūra vai citas aizsardzības programmas jūs brīdina, ļauj tai piekļūt.
4. Click JĀ pie nākamā ātru (saraksts lejupielādēt, Vai vēlaties sākt cleanup process)?

• Kad pabeigts izejas no OTMoveIt2

Izbraukšana Uzturētu sevi droši On Web par padomiem un bezmaksas rīki, lai saglabātu jums droši nākotnē.

Apskatiet arī Lēns dators? To nedrīkst Malware bezmaksas tīrīšanas / uzkopšanas līdzekļus, lai palīdzētu saglabāt jūsu datorā, kurā darbojas gluda.


Let me know, cik viss ir tagad.

[euphotix]

ok man tas viss, bet es couldnt do Combixfix thingy. tas saka logi cant atrast.

un es tomēr OTMoveIt2, un atkal teica neveiksmīgi, to darīs uz starta bet doesn't uzsākt darbības uzsākšanas

Es gribu parādīt u žurnālā. bet Es izdzēsu to cuz i got kinda bail kad u teica kāds varētu netīšām izdzēst kaut ko par manu comp ar to. lols


EDIT: oh ya mans dators ir atpakaļ normālā tagad, bet im goin, lai pārbaudītu izmeta lēns dators nevar malware vītne
BTW paldies LOT JŪS AWESOME persona AWESOMENESS

[evilfantasy]

Nekādu problēmu Esmu pārliecināts, ka viss ir labi.

Vai dators darbojas OK vēl?