[1carly1]

Čau! nesen esmu expieriencing problēmas ar pop ups viņi neko prom tie pop up katru minūti, un jā man palaist norton 360 un reklāmas zina, bet nekas nav mainījies. Man arī ir ievērojuši problēma ar iexplore ekspluatācijas process, kad es ciešu internets šo procesu joprojām darbojas. ļoti kaitinošas, var kāds zināt, kā šo problēmu risināt?

[hAvAAck]

palaist nolaupīt šajā tīmekļa vietnē http://www.trendsecure.com/portal/en...HJTInstall.exe
Publicēt jūsu žurnālu, un pagaidīt, lai kāds, piemēram, evilfantasy, lai palīdzētu jums, kas:)

[1carly1]

heres my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 07:50:55, uz 15/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running procesiem:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Acer \ Empowering Technology \ eDataSecurity \ eDSLoader.exe
C: \ Program Files \ Acer \ Acer Arcade \ PCMService.exe
C: \ Windows \ System32 \ hkcmd.exe
C: \ Windows \ System32 \ igfxpers.exe
C: \ Program Files \ Launch Manager \ LManager.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Lexmark 3500-4500 Series \ lxdimon.exe
C: \ Program Files \ Lexmark 3500-4500 Series \ lxdiamon.exe
C: \ Program Files \ Windows sānjoslas \ sidebar.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ IVT Corporation \ BlueSoleil \ BlueSoleil.exe
C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
C: \ Acer \ Empowering Technology \ ENET \ ENMTRAY.EXE
C: \ Acer \ Empowering Technology \ EPOWER \ EPOWER_DMC.EXE
C: \ ACER \ Empowering Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Empowering Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Windows sānjoslas \ sidebar.exe
C: \ Users \ carly \ AppData \ Local \ Temp \ RtkBtMnt.exe
C: \ Program Files \ Apoint2K \ ApMsgFwd.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O1 - Hosts::: 1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1E8A6170-7.264-4D0F-BEAE-D42A53123C75) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ NppBho.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: ShowBarObj Class - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - C: \ Windows \ system32 \ ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.1119.1736 \ s wg.dll
O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - (5CBE3B7C-1E47-477e-A7DD-396DB0476E29) - C: \ Windows \ system32 \ eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: Rādīt Norton Toolbar - (90.222.687-F593-4.738-B738-FBEE9C7B26DF) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% programfiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [ALaunch] C: \ Acer \ ALaunch \ AlaunchClient.exe
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [eDataSecurity Loader] C: \ Acer \ Empowering Technology \ eDataSecurity \ eDSloader.exe
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Acer \ Acer Arcade \ PCMService.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [noturīgums] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [LManager] C: \ PROGRA ~ 1 \ UZSĀK ~ 1 \ LManager.exe
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [Acer Tour Atgādinājums] C: \ Acer \ AcerTour \ Reminder.exe
O4 - HKLM \ .. \ Run: [WarReg_PopUp] C: \ Acer \ WR_PopUp \ WarReg_PopUp.exe
O4 - HKLM \ .. \ Run: [SetPanel] C: \ Acer \ APanel \ APanel.cmd
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [lxdimon.exe] "C: \ Program Files \ Lexmark 3.500-4.500 Sērija \ lxdimon.exe"
O4 - HKLM \ .. \ Run: [lxdiamon] "C: \ Program Files \ Lexmark 3.500-4.500 Sērija \ lxdiamon.exe"
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows sānjoslas \ sidebar.exe / Autorun
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [oozestore] "C: \ programdata \ Winbonebone.z4bj6"
O4 - HKCU \ .. \ Run: [Somas Else Hole Lite] "C: \ programdata \ Build Pieci Store.e0cte"
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% programfiles% \ Windows sānjoslas \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% programfiles% \ Windows sānjoslas \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BlueSoleil.lnk =?
O4 - Global Startup: Empowering Technology Launcher.lnk =?
O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
Ø8 - ārpus konteksta menu item: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ REFIEBAR.DLL
Ø16 - DPF: (4F1E5B1A-2A80-42CA-8.532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w2/reso...PUplden-gb.cab
Ø20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C: \ Windows \ system32 \ agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown īpašnieks - C: \ Acer \ ALaunch \ ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: BlueSoleil HID Service - Unknown īpašnieks - C: \ Program Files \ IVT Corporation \ BlueSoleil \ BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown īpašnieks - C: \ Program Files \ Acer \ Acer Arcade \ Kernel \ TV \ CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown īpašnieks - C: \ Program Files \ Acer \ Acer Arcade \ Kernel \ TV \ CLSched.exe
O23 - Service: Symantec Lic NetConnect dienests (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: CyberLink Media Library Service - CyberLink - C: \ Program Files \ Acer \ Acer Arcade \ Kernel \ CLML_NTService \ CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C: \ Acer \ Empowering Technology \ eDataSecurity \ eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc - C: \ Acer \ Empowering Technology \ eLock \ Service \ eLockServ.exe
O23 - Service: ENET Service - Acer Inc - C: \ Acer \ Empowering Technology \ ENET \ ENET Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C: \ Acer \ Empowering Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown īpašnieks - C: \ Acer \ Empowering Technology \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Marķēšanas dienests (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc - C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ \ lxdise rv.exe
O23 - Service: lxdi_device - - C: \ Windows \ system32 \ lxdicoms.exe
O23 - Service: MobilityService - Unknown īpašnieks - C: \ Acer \ mobilitātes centrs \ MobilityService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: ePower Service (WMIService) - ACER - C: \ Acer \ Empowering Technology \ ePower \ ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc - C: \ Windows \ system32 \ drivers \ xaudio.exe

--
End of failu - 11.546 bytes

[evilfantasy]

Download NoLop Jūsu datorā no vienas no saitēm ...

• Link 1
• Link 2

• Aizveriet visas programmas, ir darbojusies kopš reboot ir vajadzīga
• Dubultklikšķis NoLop.exe lai tā varētu darboties
• Pēc tam noklikšķiniet uz pogas ar nosaukumu: Search and Destroy
  • Jūsu dators tagad būs skenēti inficēto failu
• Kad skenēšana ir pabeigta, ja inficēti, jums tiek piedāvāts atsāknēšana
• Noklikšķiniet uz OK
• Tagad noklikšķiniet: Reboot
• Message vajadzētu popup no NoLop. Ja ne, divreiz uzklikšķiniet programmu vēlreiz, un tā beigsies.
• Post saturs C: \ NoLop.log ar nākamo atbildi.

Piezīme: Ja saņemat kļūdas, "mscomctl.ocx vai vienā no tās atkarības nav pareizi reģistrēta," lūdzu, lejupielādējiet mscomctl.ocx jūsu system32 mapē pēc tam atkārto programmu.


----------

Lejupielādēt Vundofix.exe uz Jūsu rakstāmgalda.

• Veiciet dubultklikšķi uz VundoFix.exe lai tā varētu darboties.
• Put pārbaude blakus Run VundoFix kā uzdevums.
• Jūs saņemsiet ziņojumu, kurā teikts vundofix slēgs un atkārtotu reģistrēšanu, minūte vai mazāks. Click OK
• Kad VundoFix atkal atveras, noklikšķiniet uz Meklēt Vundo pogu.
• Kad tas ir izdarīts skenēšanai, noklikšķiniet uz Noņemt Vundo pogu.
• Jūs saņemsiet ātru jautā, ja jūs vēlaties izņemt failus, noklikšķiniet uz JĀ
• Kad jūs noklikšķiniet uz Jā, darbvirsmā būs iet tukšā, jo tas sāk likvidēt Vundo.
• Kad pabeigts, tas liks, ka tas shutdown jūsu datorā, noklikšķiniet uz OK.
• Pārvērtiet savu datoru atpakaļ.
• Lūdzu, sūtiet C saturs: \vundofix.txt

Piezīme: Ir iespējams, ka VundoFix radās failu nevar noņemt. Šādā gadījumā VundoFix darbosies reboot, vienkārši izpildiet iepriekš instrukcijas, sākot no "Click Meklēt Vundo pogu", kad VundoFix parādās reboot.

Please let Vundo apdare, dažreiz to var veikt vairākas iet

----------

Lūdzu, lejupielādējiet Combofix ar subs no vienas no saitēm.
(Try visi trīs, ja nepieciešams)

• Link # 1
• Link # 2
• Link # 3

Svarīgi! Combofix.exe Jābūt saglabāt un ilga no Desktop.

• Aizveriet visas atvērtās interneta pārlūkprogrammas. (Firefox, Internet Explorer uc) pirms uzsākt Combofix.
• Svarīgi! Laiku sakropļot jūsu antivīruss, script bloķēšana un visiem antispyware reāllaika aizsardzību pirms veic skenēšanu.
  • Click šo saiti redzēt sarakstu drošības programmas, kas ir invalīdi un to, kā pārtraukt to darbību.
  • Ja jūsu valsts nav sarakstā, un jūs nezināt, kā atspējot, lūdzu, jautājiet.
• Brīdinājums: Combofix atvieno datoru no interneta. Savienojums tiek automātiski atjaunots pirms Combofix pabeidz palaist.
• Dubultklikšķi combofix.exe un sekojiet norādījumiem.
  • No tastatūras izvēlētos 1 un nospiediet Enter
• Kad pabeigts, tas rada log for you.
• Dienests, log jūsu nākamo atbildi.

Brīdinājums: Nav mouseclick combofix loga kamēr tas darbojas. Tas var izraisīt to stall

• Ja Combofix nokļūst grūtībās, un to beidz priekšlaicīgi, savienojumu var manuāli atjaunoja restartējot datoru.
• Svarīgi: Atcerieties, ka jauna aktivizētu jūsu antivīrusu un antispyware, pirms atjaunot saikni ar internetu.

----------

Next post lūdzu, pievienojiet
NoLop log
Vundofix log
Combofix log