
Zlob, smitfraud, pop ups, red wallpaper changes




  #1  
September 28, 2007, 17:13
Donors Group

My name is Tatjana and I'm desperate for help. I've tried almost every virus scan out there, but no luck. I have tried to download the smitfraud fix, but it can't be saved because the "source cannot be found" or "unknown error".. I have the same exact problem as this guy: "I regularly get stupid pop ups saying my computer is under threat, via the taskbar/toolbar, and a big red cross flashes in the taskbar, and my desktop picture changes to a red background with a big symbol image, and Norton can't see this. One of the pop-up bubbles from the taskbar/toolbar says it's trojan32.looksky, and my home page in IE has changed to ucleaner.com, Ultimate Cleaner 2007, which is a fake spyware scanner/remover thing."
Please help me!
my log

Logfile of HijackThis v1.99.1
Scan saglabāts 7:26:18 gada 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Program Files \ Yahoo! \ Antivīrusi \ CAVTray.exe
C: \ Program Files \ Yahoo! \ Antivīrusi \ CAVRID.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeperUI.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Yahoo! \ Antivīrusi \ ISafe.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
C: \ Program Files \ Eset \ nod32krn.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ Program Files \ Yahoo! \ Antivīrusi \ VetMsg.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeper.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ SSU.EXE
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrowser.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = vietējā
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motora: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6.328-4.933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Pārlūku \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8.758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [VirusScan Online] c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshld.exe
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Program Files \ Yahoo! \ Antivīrusi \ CAVTray.exe"
O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Program Files \ Yahoo! \ Antivīrusi \ CAVRID.exe"
O4 - HKLM \ .. \ Run: [YOP] "C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe" / palaišana
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Program Files \ Eset \ nod32kui.exe" / WAITSERVICE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeperUI.exe" / startintray
O4 - HKCU \ .. \ Run: [Yahoo! Peidžeri] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-kluss
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9,0 Tray Icon.lnk = C: \ Program Files \ America Online 9,0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
Ø9 - Extra button: SBC Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klase) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
Ø20 - Winlogon Paziņot: WRNotifier - C: \ WINDOWS \ SYSTEM32 \ WRLogonNTF.dll
O21 - SSODL: MSSQL - (9516DDA8-E023-4.472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8.880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8.139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Savienojumi Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brālis Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivīrusi \ ISafe.exe
O23 - Service: CIFPLogAggregator - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative dienests CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Marķēšanas dienests (LightScribeService) - Unknown īpašnieks - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown īpašnieks - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online reālā Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Program Files \ Eset \ nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivīrusi \ VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc - C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ SYSTEM32 \ YPCSER ~ 1.EXE
  #2  
September 28, 2007, 17:55
Moderator Group

Hi Tatjana, welcome to TCF.

* Important *
Rename the HijackThis.exe file to Analyze.exe. This is important because some new types of malware can hide from HijackThis.exe. Right click the HijackThis.exe file in C:\Program Files\HijackThis and choose Rename. Type Analyze.exe and press Enter.
Right click the Analyze.exe file and send it to the desktop to create a shortcut.
============================
It looks like you have more than one antivirus installed. If so, please go to Add/Remove Programs and uninstall all but one.
Having more than one antivirus is unnecessary and can cause conflicts.
============================
Disable Spybot's TeaTimer.
Although TeaTimer is a great tool for preventing spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now, until you are clean. TeaTimer can be re-enabled once your logs are clean.
* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if it is not already checked.
* Choose "" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of over-all system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.
+ You can re-enable TeaTimer when we are done.
=============================
Please download ATF Cleaner by Atribune. It will help all the scans run faster. ATF Cleaner.exe. This program does not require installation; the executable runs the program directly.

NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have any cookies you would like to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use the Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click at the prompt.

If you use the Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.
===============================
1. Download this file: combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
=====================================

In your next post, please include:
Combofix log
Fresh and renamed HijackThis log



__________________

  #3  
September 28, 2007, 18:31
Moderator Group

Also:
Let me know how things are now.
__________________

  #4  
September 29, 2007, 22:23
Donors Group

Hi evilfantasy, thx for the quick reply.. my computer is running very slowly, and it took an hour to post this.. I did what you told me to and uninstalled the antivirus, NOD32, spysweeper and Yahoo online protection..

I attached the combofix log, and here is the HijackThis log.



Logfile of HijackThis v1.99.1
Scan saglabāts 1:11:41 gada 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = vietējā
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motora: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6.328-4.933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Pārlūku \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8.758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Peidžeri] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-kluss
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9,0 Tray Icon.lnk = C: \ Program Files \ America Online 9,0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
Ø9 - Extra button: SBC Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klase) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: MSSQL - (9516DDA8-E023-4.472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8.880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Savienojumi Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brālis Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative dienests CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Marķēšanas dienests (LightScribeService) - Unknown īpašnieks - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown īpašnieks - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online reālā Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe
Attached Files
File Type: txt tatjana-COMBOFIXLOG.txt (11.2 KB, 69 views)
  #5  
September 30, 2007, 00:49
Moderator Group

Open HijackThis and choose "Do a system scan only", then place a check mark next to these entries.
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8.758-209B6AD74ACC) - (no file)
Ø9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --

Close all browser windows, including this one, and then click "Fix checked".
Restart the computer and post a fresh HijackThis log.

Let me know how things are now.
__________________
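The selection made by hand in the post above (entries ending in "(no file)" or "(file missing)", an O16 entry with no source, and the Start Page that changed between the two scans) can be reproduced with a short triage script. This is an added example, not part of the original thread: the function names are hypothetical, and the sample lines are copied from the logs posted above with their extraction damage intact, which `normalize` undoes.

```python
import re

# Sample input: a few lines copied from the scans posted in this thread (not the
# full logs), kept exactly as they appear on the page, extraction damage included.
BEFORE_SCAN = r"""
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
"""
AFTER_SCAN = r"""
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
Ø9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
"""

# HijackThis entry lines start with a section code (R0, N3, O2, O21, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
# Markers HijackThis prints when the registered target is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)


def normalize(line):
    """Repair the damage seen on this page: U+00D8 for 'O', spaces around backslashes."""
    line = line.strip().replace("\u00d8", "O")
    return re.sub(r"\s*\\\s*", lambda m: "\\", line)


def parse(log_text):
    """Return [(section, body)] for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(normalize(raw))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphans(entries):
    """Entries whose target file is gone, plus O16 (DPF) entries with no source."""
    hits = []
    for section, body in entries:
        if ORPHAN_RE.search(body) or (section == "O16" and body.endswith("--")):
            hits.append((section, body))
    return hits


def changed_settings(before, after):
    """Return {key: (old, new)} for R-section values that differ between two scans."""
    def settings(entries):
        found = {}
        for section, body in entries:
            if section.startswith("R") and " = " in body:
                key, value = body.split(" = ", 1)
                found[key.strip()] = value.strip()
        return found

    old, new = settings(before), settings(after)
    return {key: (old.get(key), value)
            for key, value in new.items() if old.get(key) != value}


if __name__ == "__main__":
    after = parse(AFTER_SCAN)
    for section, body in orphans(after):
        print("orphan  ", section, body)
    for key, (old, new) in changed_settings(parse(BEFORE_SCAN), after).items():
        print("changed ", key, ":", old, "->", new)
```

The output is a list of candidates to review, not a fix list: in the post above the O21 "(file missing)" entries were not among the lines selected for "Fix checked".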

  #6  
September 30, 2007, 08:16
Donors Group

Hello, ahh, my computer finally has no annoying pop-up warning windows, and the three virus scan icons that were installed on the computer are also gone, yeeeah.. It looks like everything is back to normal; the red background is gone. Here is the log.


Logfile of HijackThis v1.99.1
Scan saglabāts 11:03:37, uz 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = vietējā
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motora: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6.328-4.933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Pārlūku \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8.758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Peidžeri] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-kluss
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9,0 Tray Icon.lnk = C: \ Program Files \ America Online 9,0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
Ø9 - Extra button: SBC Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klase) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Savienojumi Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brālis Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative dienests CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Marķēšanas dienests (LightScribeService) - Unknown īpašnieks - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown īpašnieks - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online reālā Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe
  #7  
September 30, 2007, 08:35
Moderator Group

Glad things are better. But there are still a few nasties to resolve.

Delete the copy of Combofix you have and download a fresh copy.
Combofix updates constantly, so it is always good to get a new copy.

1. Download this file: combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click the Combofix window while it is running. That may cause it to stall.

In your next post, please add these as attachments. You can add more than one attachment, just repeat the steps:
Combofix log
Fresh HJT log
__________________

  #8  
September 30, 2007, 09:03
Donors Group

Hi, I tried clicking on the combofix.exe link, but this is what came up:
404 Not Found

The requested URL "/subs/combofix.exe" was not found on this server.
  #9  
September 30, 2007, 09:12
Moderator Group

Thanks. I need to review my link.

Here is a good download. Combofix.exe
__________________

  #10  
September 30, 2007, 12:50
Donors Group

Hi, yes, that link works, thank you ... the red wallpaper came back :( and so did the icons and pop-ups .. anyway, here are the Combofix and HJT logs.

Logfile of HijackThis v1.99.1
Scan saved at 3:37:03, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = vietējā
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motora: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6.328-4.933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Pārlūku \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8.758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Peidžeri] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-kluss
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9,0 Tray Icon.lnk = C: \ Program Files \ America Online 9,0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
Ø9 - Extra button: SBC Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klase) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
Ø20 - Winlogon Paziņot: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (file missing)
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown īpašnieks - C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Savienojumi Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brālis Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative dienests CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown īpašnieks - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Marķēšanas dienests (LightScribeService) - Unknown īpašnieks - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown īpašnieks - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online reālā Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe

PS I tried to attach the HJT log, but it wouldn't attach, sorry!
Attached Files
File Type: txt combofix-log_FOUR.txt (11.4 KB, 76 views)
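One way to compare successive HijackThis scans such as the 11:03:37 and 3:37:03 logs posted in this thread, given as an added Python example that is not part of the original posts. It undoes the extraction damage visible in the logs on this page, lists entries whose target file is absent, and diffs the two scans; the sample lines are copied from those logs as they appear here, and the function names and the orphan heuristic are assumptions of this example, not HijackThis features.

```python
import re

# Section codes look like R0, N3, O2, O23. The logs on this page were damaged
# in extraction ("Ø9" for "O9", "C: \ WINDOWS" for "C:\WINDOWS"); normalize()
# undoes that so the same entry from two scans compares equal.
ENTRY_RE = re.compile(r"^([RNFO]\d{1,2})\s+-\s+(.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Lines copied from the 11:03:37 scan on this page, as extracted.
SCAN_A = r"""
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll
"""

# Lines copied from the 3:37:03 scan on this page, as extracted.
SCAN_B = r"""
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
Ø16 - DPF: (DBA230D1-8.467-4e69-987E-5FAE815A3B45) --
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (file missing)
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
"""


def normalize(line):
    """Repair this page's extraction damage in one log line."""
    line = line.replace("Ø", "O")                 # "Ø9" -> "O9"
    line = re.sub(r"\s*\\\s*", r"\\", line)       # "C: \ WINDOWS" -> "C:\WINDOWS"
    line = re.sub(r"\s+~\s+(\d)", r"~\1", line)   # "PROGRA ~ 1" -> "PROGRA~1"
    return line.strip()


def parse_log(text):
    """Return [(section, body)] for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(normalize(raw))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_orphan(section, body):
    """Heuristic (assumption): the registration exists but no file backs it."""
    if ORPHAN_RE.search(body):
        return True
    # An O16 line with nothing after the trailing "--" names no source.
    return section == "O16" and body.rstrip().endswith("--")


def entry_key(section, body):
    """Identity of an entry, ignoring a '(no file)' / '(file missing)' suffix."""
    return (section, ORPHAN_RE.sub("", body).rstrip(" -"))


def compare(before, after):
    """Return (removed, added, newly_orphaned) entry keys between two scans."""
    b = {entry_key(s, x): (s, x) for s, x in before}
    a = {entry_key(s, x): (s, x) for s, x in after}
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    newly_orphaned = sorted(
        k for k in a
        if k in b and is_orphan(*a[k]) and not is_orphan(*b[k])
    )
    return removed, added, newly_orphaned


if __name__ == "__main__":
    first, second = parse_log(SCAN_A), parse_log(SCAN_B)
    removed, added, newly = compare(first, second)
    for label, keys in (("removed", removed), ("added", added),
                        ("file now missing", newly)):
        for section, body in keys:
            print(f"{label:17} {section:4} {body}")
```

An entry reported as "file now missing" still has its registry registration in place, so it keeps showing up in later scans until the entry itself is fixed.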