Sqmdata.sqm - windows, background changes, virus?




#1
December 24, 2007, 05:20
Member

Hi. So my computer is infected. There are pop-ups saying that someone is trying to attack my system by sending a virus, and then there's a recommended antivirus program popping up for me to install. Then my picture changes to red with a symbol.

I am currently using Spybot Search and Destroy and Ad-Aware to scan the computer daily. It goes away and comes back a few hours later. So I am wondering how to get rid of it so that it doesn't come back again.


Logfile of HijackThis v1.99.1
Scan saved at 4:20:15, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0180A7AF-7449-4632-A705-09CB76186F0D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4B1AF0-833A-AFE9-4B66-888DBA2582CD} - (no file)
O2 - BHO: (no name) - {3f711da5-eed1-496b-9ac7-870af3236ef5} - (no file)
O2 - BHO: (no name) - {56125AE0-2785-4E21-A200-6646C4FFB7FC} - \
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7A8D213D-2998-4DC2-A09F-4B91903292EF} - \
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {EAA38E9A-A84D-467A-9DFB-34CFEAC54F02} - \
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -- https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -- http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: MSSQL - {24D6EB4C-3C8C-4355-9CD5-4948138645A3} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {372F9833-A2A9-4597-967D-9C4B6EC4121D} - C:\WINDOWS\syscore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Antivirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Pls help. Thanks.

#2
December 26, 2007, 09:18
Donors Group

Get a good antivirus like McAfee, which covers spam, adware, viruses, hackers etc. all at once. Disconnect from the internet, uninstall all your current protection programs, install your good antivirus of choice, update over the internet (it is safe now that McAfee is installed), then do a full system scan.

#3
January 6, 2008, 10:10
Donors Group

Hi there, ct122592, I'm the person you IM'd from D-Addicts. I asked evilfantasy to help you if he isn't busy, so we'll see what he says, okay!

#4
January 6, 2008, 10:51
Donors Group

Whatever you do, don't download the recommended program.

I have had this virus before, but not as badly. I didn't get around to fixing it, as timing-wise it was right when I bought my new computer.

What antivirus do you have at the moment? Avast free Home Edition is good.

#5
January 6, 2008, 11:02
Member

O2 - BHO: (no name) - {0180A7AF-7449-4632-A705-09CB76186F0D} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1D4B1AF0-833A-AFE9-4B66-888DBA2582CD} - (no file)
O2 - BHO: (no name) - {3f711da5-eed1-496b-9ac7-870af3236ef5} - (no file)
O2 - BHO: (no name) - {56125AE0-2785-4E21-A200-6646C4FFB7FC} - \
O2 - BHO: (no name) - {7A8D213D-2998-4DC2-A09F-4B91903292EF} - \
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EAA38E9A-A84D-467A-9DFB-34CFEAC54F02} - \
O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)

These all look suspicious and should be deleted (but confirm with evilfantasy or howardhopkinson first).

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll <<< Is your Windows genuine? As this is only seen when the copy of Windows is not genuine.

#6
January 6, 2008, 12:21
Moderator Group

Hello ct122592.

If you are still looking for help, then please follow these instructions.

Open HijackThis and choose Do a system scan only, then place a check next to:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - {0180A7AF-7449-4632-A705-09CB76186F0D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1D4B1AF0-833A-AFE9-4B66-888DBA2582CD} - (no file)
O2 - BHO: (no name) - {3f711da5-eed1-496b-9ac7-870af3236ef5} - (no file)
O2 - BHO: (no name) - {56125AE0-2785-4E21-A200-6646C4FFB7FC} - \
O2 - BHO: (no name) - {7A8D213D-2998-4DC2-A09F-4B91903292EF} - \
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EAA38E9A-A84D-467A-9DFB-34CFEAC54F02} - \
O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)


Now close all windows except HijackThis and click Fix Checked.

----------
Please download CCleaner
  • Double-click the ccsetup.exe file to start the installation program.
  • Select your language and click OK, then Next.
  • Read the license agreement and click I Agree.
  • Click Next to use the default install location.
  • Under Install Options, choose all the default settings.
  • Click Install, then Finish to complete the installation.
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer", uncheck "Cookies" if you do not want them deleted. (If they are deleted, you will probably need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit.)
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox / Mozilla.
  • Click the "Options" icon at the left side of the window, then click "Advanced".
    Uncheck "Only delete files in Windows Temp folders older than 48 hours."
  • Click the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: Only use the "Registry" feature if you are very familiar with the registry, as it is known to find legitimate entries.
  • Always back up your registry before making any changes.
  • After CCleaner has completed its process, click Exit.
----------
Download SUPERAntiSpyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to update the program definitions, click
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found, and if it asks whether you want to reboot, click
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File", "Save As".
  • Save the log somewhere you can easily find it (normally the desktop).
  • Click Close and Close again to exit the program.
  • Please copy and paste the log into your post.
----------

Please uninstall/delete the copy of HijackThis you have, download the new version, run a scan with it, and post the log.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and choose Rename.
    • Type sniper.exe and press Enter.
    • Right-click sniper.exe and choose Send To > Desktop (create shortcut)
  • Open HijackThis from the desktop.
  • If you use Windows Vista, make sure to Run As Administrator.
  • Click the Do a system scan and save a log file button.
  • HijackThis will scan and then the log will open in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

----------

In your next post, please include:
SUPERAntiSpyware log
New HijackThis log
__________________
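
The selection made in posts #5 and #6 follows a pattern that can be checked mechanically: O2 BHO entries with no backing file, O20 Winlogon Notify entries whose DLL is missing, and an IE start page on an unexpected host. The sketch below is an added example, not code from the thread or from HijackThis; the `triage` function, the regular expressions and the `TRUSTED_SUFFIXES` allowlist are assumptions made for illustration, and the sample lines are constructed from entries quoted above.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Constructed sample in HijackThis log format, built from entries quoted in
# this thread (path spacing and GUID punctuation normalised).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0180A7AF-7449-4632-A705-09CB76186F0D} - (no file)
O2 - BHO: (no name) - {56125AE0-2785-4E21-A200-6646C4FFB7FC} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
"""

# Assumption for this example: IE page/search URLs on these domains are expected.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com")

Finding = namedtuple("Finding", "section reason line")

SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_URL_RE = re.compile(r"^HK\w+\\.+?,\s*(?P<value>[^=]+?)\s*=\s*(?P<url>\S*)$")
BHO_RE = re.compile(r"^BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")


def host_is_trusted(url):
    """True when the URL's host is one of the allowlisted domains or a subdomain."""
    host = urlparse(url).hostname or ""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def triage(log_text):
    """Return Finding tuples for the entry kinds the helpers in this thread selected."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header lines, process list, blanks
        section, body = m.groups()
        reason = None
        if section in ("R0", "R1"):
            reg = REG_URL_RE.match(body)
            if (reg and reg["url"].lower().startswith(("http://", "https://"))
                    and not host_is_trusted(reg["url"])):
                reason = "IE page/search URL points at a host outside the allowlist"
        elif section == "O2":
            bho = BHO_RE.match(body)
            # "(no file)" or a bare "\" means the CLSID is registered as a
            # BHO but nothing on disk backs it.
            if bho and bho["target"].strip() in ("(no file)", "\\", ""):
                reason = "BHO registered without a backing file"
        elif section == "O20":
            notify = NOTIFY_RE.match(body)
            if notify and notify["target"].endswith("(file missing)"):
                reason = "Winlogon Notify DLL missing from disk"
        # O9 "(file missing)" entries are deliberately not flagged, matching
        # the selection made in the thread.
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The output is a shortlist for a human reviewer, in the same spirit as post #5's request to confirm before deleting; it does not decide what is safe to remove.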

#7
January 12, 2008, 02:21
Member

Thanks EvilFantasy for helping.

SUPERAntiSpyware scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 00:51

Application Version: 3.9.1008

Core Rules Database Version: 3259
Trace Rules Database Version: 1270

Scan type: Complete Scan
Total Scan Time: 00:37:53

Memory items scanned: 537
Memory threats detected: 0
Registry items scanned: 6842
Registry threats detected: 19
File items scanned: 6768
File threats detected: 67

Adware.Tracking Cookie

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\UWA7P\Quar
C:\WINDOWS\..\UWA7P

Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\Win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer



I can't find hijackthis.exe, so I don't know how to do the last step. All I have is the new version of HJT installed.

#8
January 12, 2008, 10:38
Moderator Group

Uninstall/delete HijackThis. It is an outdated version.

Then use the instructions I gave to install the new version.

#9
January 13, 2008, 03:16
Member

OK, thanks.

#10
January 13, 2008, 09:44
Moderator Group

And post a new log from the new HijackThis.