Sqmdata.sqm - Iššokantys langai, Fono pakeitimus, virusas?

**ct122592** · #1 Gruodis 24, 2007, 05:20

Labas. Soo Mano kompiuteris yra užkrėstas. ji pop ups sakydamas, kad kažkas bando ataka Mano sistema siunčiant virusu ir tada Theres rekomenduojamų antivirusinių programų Popping man įdiegti. Tada mano ekrano užsklanda pasikeičia į raudoną su simboliu.

Aš šiuo metu naudoja Spybot Search and Destroy ir Ad Adware nuskaityti mano kompiuterį kiekvieną dieną. ji nueina ir grįžta keletą HRS lters. todėl esu įdomu, kaip atsikratyti jo, kad jis įpratęs grįžti.

Logfile of HijackThis v1.99.1
Skaitymo išsaugotas 4:20:15, 12/24/2007
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ WINDOWS \ system32 \ VTTimer.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe
C: \ Program Files \ HP \ hpcoretech \ hpcmpmgr.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ W32x86 \ 3 \ hpztsb1 0.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ Skype \ aim.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jucheck.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Nustatymai, ProxyOverride = localhost
O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no file)
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.615.5858 \ SW g.dll
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe"
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Enterprise
O4 - HKLM \ .. \ Run: [VTTimer] VTTimer.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [MP10_EnsureFileVer] C: \ Windows \ inf \ unregmp2.exe / EnsureFileVersions
O4 - HKLM \ .. \ Run: [HP Component Manager] "C: \ Program Files \ HP \ hpcoretech \ hpcmpmgr.exe"
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ W32x86 \ 3 \ hpztsb1 0.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Skype] "C: \ Program Files \ Skype \ aim.exe-cnetwait.odl
O4 - HKCU \ .. \ Run: [LogitechSoftwareUpdate] "C: \ Program Files \ Logitech \ Video \ ManifestEngine.exe" boot
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-tyliai
O4 - HKCU \ .. \ Run: [LDM] C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ BackWeb-8876480.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ LogitechDesktopMessenger. Exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Paslaugos - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Skype - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ Skype \ aim.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ network diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ network diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (0742B9EF-8C83-41CA-BFBA-830A59E23533) (Microsoft Data Collection Control) -- https: / / support.microsoft.com / OAS / ActiveX / MSDcode.cab
O16 - DPF: (1EF9F042-C2EB-4293-8213-474CAEEF531D) (TmHcmsX Control) -- http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klasė) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: bwfile-8876480 - (9462A756-7B47-47BC-8C80-C34B9B80B32B) - C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
Ø20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxsrvc.dll
Ø20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
Ø20 - Winlogon Notify: pmkjh - C: \ WINDOWS \ system32 \ pmkjh.dll (file missing)
Ø20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O21 - SSODL: MSSQL - (24D6EB4C-3C8C-4355-9CD5-4948138645A3) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (372F9833-A2A9-4597-967D-9C4B6EC4121D) - C: \ WINDOWS \ syscore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatinė LIVEUPDATE Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LIVEUPDATE \ aluschedulersvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LIVEUPDATE - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: SymWMI tarnybos (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe

Pls help. ačiū.

**Spencer2004** · #2 Gruodis 26, 2007, 09:18

gauti geros antivirusines kaip McAfee, kuri apima šlamštas, adawre, virusai, hakeriai ir tt visi vienu metu, dissconnect nuo intetnet, pašalinkite visas esamas apsaugos programų, įdiekite savo gerą antivirusinę rinktis, atnaujinti per internetą (tai turėtų būti saugus dabar McAfee yra įdiegtas), tada atlikite visišką sistemos skenavimas.

**guccijana** · #3 6 sausis 2008, 10:10

Hi there, ct122592 im asmuo, im'd iš D-narkomanų, aš paprašiau evilfantasy jums padėti, jei jis nėra užimtas tai matysime, ką jis sako, viskas gerai!

**mrdaveyk** · #4 6 sausis 2008, 10:51

Ką gi jūs dont download Rekomenduojama programa

turėjau prieš šį virusą, bet ne toks sunkus, aš negavau turas nustatymu tai kaip jis laiko tai puiku, kai aš nusipirkau naują kompiuterį

Kas antivirusinę Ar turite šiuo metu? Avast Home Edition yra nemokama gera

**Axegrinder** · #5 6 sausis 2008, 11:02

O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no failas)
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
Ø20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)

Tie visi ieško suspiscious ir turėtų būti pašalintas (bet patvirtinkite evilfantasy arba howardhopkinson first)

Ø20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll <<<Ar jūsų Windows Geniune? Kadangi tai yra rodomas tik tada, kai, kai "Windows" kopija yra autentiška.

**evilfantasy** · #6 6 sausis 2008, 12:21

Sveiki ct122592.

Jei Jūs vis dar ieško pagalbos tada atlikite šiuos veiksmus.

Atidaryti HijackThis ir pasirinkite Ar sistema nuskaito tik tada vieta žymės langelį:

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no file)
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
Ø20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
Ø20 - Winlogon Notify: pmkjh - C: \ WINDOWS \ system32 \ pmkjh.dll (file missing)

Dabar uždarykite visus langus, išskyrus HijackThis ir spustelėkite Fix Checked.

----------

Atsisiųskite CCleaner

Du kartus paspauskite ant failo ccsetup.exe pradėti programos įdiegimą.
Pasirinkite kalbą ir spustelėkite Gerai, Tada kitas.
Perskaitykite licencinę sutartį ir spustelėkite Sutinku.
Spauskite kitas naudoti numatytąją diegimo vietą.
Pagal Įdiekite Funkcijos, pasirinkite visus numatytuosius nustatymus
Spauskite Įdiegti tada apdaila Norėdami užbaigti diegimą.
Dukart spustelėkite CCleaner nuorodą darbalaukyje pradėti programą.
Apie "Windows" kortelę, pagal "Internet Explorer", "nuimkite" Cookies ", jei nenorite, kad būtų pašalinti. (Jei ištrinti, jums tikriausiai reikia iš naujo įvesti savo slaptažodžius ne visas svetaines, kuriose slapukas naudojamas atpažinti, kada apsilankysite).
Jei naudojate arba Firefox ar Mozilla naršyklės lange nuimkite varnelę už "Slapukai" yra kortelėje taikomosios programos, pagal Firefox / Mozilla.
Spustelėkite "Options" piktogramą kairėje lango pusėje, tada paspauskite "Advanced".
panaikinkite "Tik i ¹ trinti failus Windows Temp katalogus, vyresni nei 48 valandas."
Spauskite ant "Cleaner" piktogramą kairėje lango pusėje, tada Pradėti Cleaner paleisti programą.
Atsargiai! Naudokite tik "registru" funkciją, jei esate labai gerai susipažinęs su registro, kaip ji buvo žinoma, kad surasti teisėtą elementai.
Visada Atgal į viršų savo registro prieš padaryti pakeitimų.
Po CCleaner baigė procesą, spustelėkite Exit.

----------

Atsisiųsti SUPERAntispyware Free Edition (SAS)

Dukart spustelėkite piktogramą darbalaukyje, kad pradėtumėte įdiegimo procedūrą.
Kai prašoma Atnaujinti Programa apibrėžimai, paspauskite Taip
Kitas paspauskite Parinktys mygtuką.
Spauskite Skenavimo Control tab.
Po Skeneris Funkcijos įsitikinkite, kad tik taip būtų tikrinami:
- Uždaryti naršyklių iki nuskaitymo
- Skaitymo sekimo slapukų
- Nutraukti atminties grėsmių iki karantino
- Prašome palikti kitiems nepatikrintas.
- Spustelėkite mygtuką Uždaryti palikti kontrolės centras ekrane.
Spauskite Uždaryti mygtuką, norėdami išeiti kontrolės centras ekrane.
Dėl pagrindinio ekrano paspauskite Skanuoti kompiuterį
Kairėje patikrinti C: \ Fixed Drive
Dešinėje pasirinkti Atlikti Complete Scan
Spauskite Kitas pradėti nuskaityti. Būkite kantrūs, kol ji nuskaito jūsų kompiuterį.
Po nuskaitymo yra pilnas santrauka langelyje pasirodys. Spauskite Gerai
Įsitikinkite, kad viskas balta lauke turi patikrinti, šalia, tada Kitas
Ji bus karantine, ką ji rado ir jei jis prašo, jei norite iš naujo paleisti kompiuterį, spustelėkite Taip
Norėdami gauti informacijos išsiuntimo atlikite šiuos veiksmus:
- Po perkrovimo, dukart spustelėkite SUPERAntiSpyware piktogramą darbalaukyje.
- Spauskite Parinktys. Spauskite Statistika / Įrašai tab.
- Pagal Skeneris Įrašai, dukart spustelėkite SUPERAntiSpyware Scan Prisijungti.
- Tai atidarys jūsų numatytąjį teksto redaktoriumi (pavyzdžiui, Notepad / Wordpad).
- Prisiminti Notepad failą darbalaukyje, spustelėkite (Notepad)Failas"Save As"
Prisiminti Prisijungti kažkur galite lengvai jį rasti. (paprastai Desktop)
Spustelėkite Uždaryti, uždaryti ir vėl išeiti programą.
Nukopijuokite ir įklijuokite šį puslapį per jūsų pareigas.

----------

Pašalinkite / ištrinti HijackThis turite ir atsisiųsti naują versiją ir paleisti skenavimas su juo ir po žurnalo kopiją.

Atsisiųskite ir pervardinti HijackThis (HJT)

Dukart spustelėkite HJTInstall.
Spauskite Įdiegti mygtuką.
Jis bus automatiškai vieta HJT į C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Po install, HijackThis turėtų atverti jums.
- Uždaryti HijackThis ir pervadinti.
- Eikite į C: \ Program Files \ Trend Micro \HijackThis.exe
- Dešiniuoju pelės mygtuku spustelėkite HijackThis.exe pasirinkite Pervadinti.
- Įveskite sniper.exe paspauskite Registracija.
- Dešiniuoju pelės mygtuku spustelėkite ant sniper.exe pasirinkite Siųsti > Desktop (Sukurti nuorodą)
Nuo darbastalio atidaryti HiackThis.
Jei naudojate "Windows Vista", įsitikinkite, Vykdyti kaip administratorius
Spauskite Ar sistema nuskaito ir išsaugokite failą mygtukas
HijackThis bus nuskaityti ir tada žurnale bus atidaryta Notepad.
Nukopijuokite ir įklijuokite šį puslapį per jūsų pareigas.
- Neturite HijackThis nustatyti kas dar. Daugiausia, ką ji mano bus nekenksmingas ir netgi būtina.

Nors mes pervadintas HijackThis Snaiperis, mes vis dar galime kreiptis į jį kaip HijackThis ar HJT.

----------

Sekantis prašome pridėti
SUPERAntiSpyware Prisijungti
Naujas HijackThis

**ct122592** · #7 Sausis 12, 2008, 02:21

EvilFantasy Ačiū už pagalbą.

SUPERAntispyware scan Prisijungti:

SUPERAntiSpyware Scan Prisijungti
http://www.superantispyware.com

At 00:51 01/12/2008 Generated AM

Application Version: 3.9.1008

Core Taisyklės Database Versija: 3.259
Sekti Taisyklės duomenų bazė Versija: 1.270

Scan Type: Complete Scan
Iš viso nuskaitymo laikas: 00:37:53

Atminties elementai nuskaityta: 537
Atminties grėsmių detected: 0
Registro objektų nuskaitomi: 6842
Registras grėsmių aptikta: 19
Failo elementai nuskaityta: 6.768
Failo grėsmių aptikta: 67

Adware.Tracking Cookie
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ kolektyvinio žiniasklaidos [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ partner2profit [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ Skelbimo [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ atwola [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ XITI [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@adopt.specificc lick [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ html [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ar.atwola [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@bridge.admarket vietą [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ WindowsMedia [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ads.healthcare [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ads.adbrite [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ atdmt [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@a.websponso RS [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ad.admarket vietą [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ad.reunion [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ adknowledge [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@adopt.hbmed iapro [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@adopt.hotba R [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ads.cc21414 2 [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ath.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ atwola [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ banners [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ belnk [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ bigbanners [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@btg.btgrab [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@cts.metrics tiesioginės [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@dist.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ emarketmake RS [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@hits.clicka ndtrack [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ hurricanedi gitalmedia [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ nextag [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ offeroptimi Zer [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@server.cpms tar [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@a.websponsors [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ adknowledge [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@adopt.hotbar [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ads.us.e-planning [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ar.atwola [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ath.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ atwola [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ azjmp [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@banner3.inet-traffic [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ Banner [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ belnk [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ bigbanners [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@btg.btgrab [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ cassava [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@cts.metricsdirect [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@dist.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ emarketmakers [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ exitexchange [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ interclick [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ leadgenetwork [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ linkstattrack [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ nextag [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ offeroptimizer [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@partypoker.touchc larity [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@sav.coolsavings [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ interneto nexus [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ winfixer [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.azoogleads [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.riverbelle [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.tagworld [1]. Txt

Trojan.WinAntiSpyware / WinAntiVirus 2006/2007
C: \ UWA7P \ Quar
C: \ WINDOWS \ .. \ UWA7P

Trojan.VideoCach / Gen
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226)
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ 0
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ 0 \ Win32
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ VĖLIAVOS
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ HELPDIR
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91)
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ ProxyStubClsid
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ ProxyStubClsid32
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ TypeLib
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ TypeLib # version
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5)
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ ProxyStubClsid
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ ProxyStubClsid32
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ TypeLib
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ TypeLib # version

Trojan.Net-MSV/VPS
HKCR \ MSVPS.MSVPSApp
HKCR \ MSVPS.MSVPSApp \ CLSID
HKCR \ MSVPS.MSVPSApp \ CurVer

I cant find hijackthis.exe, kad i dont know how to do paskutinį žingsnį. All I Have yra nauja versija HJT įdiegta.

**evilfantasy** · #8 Sausis 12, 2008, 10:38

Pašalinti / ištrinti HijackThis. Jis yra pasenusi versija.

Tada naudokite instrukcijas daviau įdiegti naują versiją.

**ct122592** · #9 Sausis 13, 2008, 03:16

Gerai ačiū.

**evilfantasy** · #10 Sausis 13, 2008, 09:44

Ir po naują Prisijungti iš naujo HijackThis.