Nid help! ~ Negaliu pašalinti šį Adware / virusas!

jomm43point67 · #1 Sausis 14, 2008, 19:29

Vardas: Trojan.Win32.Obfuscated.gx Tipas: Trojos Rizikos poveikio trukmė: Itin didelis Pranešk apie netikrą kritinė klaida sistemos įspėjimo

**evilfantasy** · #2 Sausis 14, 2008, 21:18

Lets Get HJT žurnalas.

Atsisiųskite ir pervardinti HijackThis (HJT)

Dukart spustelėkite HJTInstall.
Spauskite Įdiegti mygtuką.
Jis bus automatiškai vieta HJT į C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Po install, HijackThis turėtų atverti jums.
- Uždaryti HijackThis ir pervadinti.
- Eikite į C: \ Program Files \ Trend Micro \HijackThis.exe
- Dešiniuoju pelės mygtuku spustelėkite HijackThis.exe pasirinkite Pervadinti.
- Įveskite sniper.exe paspauskite Registracija.
- Dešiniuoju pelės mygtuku spustelėkite ant sniper.exe pasirinkite Siųsti > Desktop (Sukurti nuorodą)
Nuo darbastalio atidaryti HiackThis.
Jei naudojate "Windows Vista", įsitikinkite, Vykdyti kaip administratorius
Spauskite Ar sistema nuskaito ir išsaugokite failą mygtukas
HijackThis bus nuskaityti ir tada žurnale bus atidaryta Notepad.
Nukopijuokite ir įklijuokite savo pranešimą Prisijungti.
- Ne turi nustatyti HijackThis nieko nėra. Daugiausia, ką ji mano bus nekenksmingas ir netgi būtina.

Nors mes pervadintas HijackThis Snaiperis, mes vis dar galime kreiptis į jį kaip HijackThis ar HJT.

Sekantis prašome pridėti
HijackThis

jomm43point67 · #3 Sausis 14, 2008, 23:55

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 2:49:52 dėl 15/01/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ PROGRA ~ 1 \ Freedo ~ 1 \ fdm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] Rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekstinio meniu punktą: Atsisiųsti visus su Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti eiga su Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti video su Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti su Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Paslaugos - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of file - 5.867 baitų

**evilfantasy** · #4 Sausis 15, 2008, 00:47

Prisijungti nerodo jokių visuose kenkėjiškų programų.

Pradėti šio ir po Prisijungti vėliau.

Atsisiųskite Combofix iki einantys iš vienos iš žemiau nuorodų.
(Pabandykite visi trys, jei reikia)

SVARBU - Combofix.exe TURI bus išsaugotas jūsų Desktop.

Uždarykite visus atidarytus interneto naršyklių. (Firefox, Internet Explorer, ir tt)
Uždaryti / išjungti visi antivirusinę ir kovos kenkėjiškų programų kad jie netrukdytų Combofix. <- DĖMESIO
- Spauskite šį saitą pamatyti programų sąrašą, kurios turi būti išjungta. Jei Jūsų nėra šiame sąraše, ir jūs nežinote, kaip ją išjungti, kreipkitės.
Dukart spustelėkite combofix.exe ir vykdykite ekrane pateikiamas instrukcijas.
- Iš klaviatūros pasirinkite 1 paspauskite Registracija
Kai bus baigta, bus pateikti žurnalas Jums.
Skelbti kad Prisijungti kitą atsakymą.

Don't mouseclick combofix lango, o tai veikia.
Scan bus laikinai išjungti savo darbalaukyje.
Jeigu nutraukiamas, jis gali palikti kompiuterį užšaldyti.
Jei taip atsitinka, prašom perkrauti atkurti darbastalio.

**evilfantasy** · #5 Sausis 15, 2008, 08:52

Thats not visą prisijunkite.

Jeigu jums reikia eiti į C: \ combofix.txt ir po visą žurnalą.

jomm43point67 · #6 Sausis 15, 2008, 09:47

Citata:

Originally Posted by evilfantasy

Thats not visą prisijunkite.

Jeigu jums reikia eiti į C: combofix.txt ir po visą žurnalą.

ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Veikia nuo: C: \ Downloads \ Software \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas
ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.
((((((((((((((((((((((((( Failus, sukurtus nuo 2007/12/16 iki 2008/01/16 ))))))))))) ))))))))))))))))))))
.
2008-01-15 22:29. 2000-08-31 08:00 51.200 - ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 14:46. 2008-01-15 14:46 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 13:35. 2008-01-15 13:36 <DIR> d -------- C: \ Program Files \ Common Files \ Adobe
2008-01-15 12:08. 2007-10-10 15:55 6.065.664 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008-01-15 12:08. 2007-06-30 19:31 2.455.488 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dat
2008-01-15 12:08. 2007-06-30 19:36 991.232 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll.mui
2008-01-15 12:08. 2007-10-10 15:55 459.264 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ msfeeds.dll
2008-01-15 12:08. 2007-10-10 15:55 383.488 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dll
2008-01-15 12:08. 2007-10-10 15:55 267.776 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ iertutil.dll
2008-01-15 12:08. 2007-10-10 15:55 63.488 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ icardie.dll
2008-01-15 12:08. 2007-10-10 15:55 52.224 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ msfeedsbs.dll
2008-01-15 12:08. 2007-10-10 02:59 13.824 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008-01-15 09:09. 2004-08-03 08:56 221.184 - ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-01-15 08:13. 2008-01-15 08:13 <DIR> d -------- C: \ Program Files \ Fraps
2008-01-15 01:15. 2008-01-15 12:49 <DIR> D - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-15 01:15. 2006-09-06 17:43 22.752 - ------ C: \ WINDOWS \ system32 \ spupdsvc.exe
2008-01-15 00:59. 2008-01-15 00:59 <DIR> d -------- C: \ Program Files \ IObit
2008-01-15 00:55. 2008-01-15 00:55 1.167 - ------ C: \ WINDOWS \ mozver.dat
2008-01-15 00:00. 2008-01-15 00:01 1.074 - ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-01-14 23:05. 2008-01-14 23:23 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-14 23:04. 2008-01-14 23:04 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-14 22:39. 2008-01-14 23:00 <DIR> d -------- C: \ Program Files \ EsetOnlineScanner
2008-01-14 22:31. 2008-01-14 22:31 <DIR> d -------- C: \ Downloads
2008-01-13 13:51. 2008-01-13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ NCH Swift Garsas
2008-01-13 13:51. 2008-01-13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NCH Swift Garsas
2008-01-13 13:50. 2008-01-13 17:35 <DIR> d -------- C: \ Program Files \ NCH Swift Garsas
2008-01-13 08:30. 2008-01-13 08:30 <DIR> d -------- C: \ Program Files \ PAGALBA
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Program Files \ Free Download Manager
2008-01-13 08:10. 2008-01-15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Free Download Manager
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FreeDownloadManager.ORG
2008-01-12 20:03. 2008-01-12 20:03 <DIR> d -------- C: \ Program Files \ AVI MPEG RM WMV Splitter
2008-01-12 18:38. 2008-01-12 18:39 26 - ------ C: \ WINDOWS \ system32 \ satsukidecodersettings.ini
2008-01-08 06:45. 2008-01-14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-01-08 06:44. 2006-05-25 14:52 162.304 - ------ C: \ WINDOWS \ system32 \ ztvunrar36.dll
2008-01-08 06:44. 2003-02-02 19:06 153.088 - ------ C: \ WINDOWS \ system32 \ UNRAR3.dll
2008-01-08 06:44. 2005-08-26 00:50 77.312 - ------ C: \ WINDOWS \ system32 \ ztvunace26.dll
2008-01-08 06:44. 2002-03-06 00:00 75.264 - ------ C: \ WINDOWS \ system32 \ unacev2.dll
2008-01-08 06:44. 2006-06-19 12:01 69.632 - ------ C: \ WINDOWS \ system32 \ ztvcabinet.dll
2008-01-07 21:59. 2008-01-07 21:59 <DIR> d --- s ---- C: \ Documents and Settings \ Jomel \ UserData
2008-01-06 20:56. 2004-08-03 23:08 26.496 - - --- C C: \ WINDOWS \ system32 \ dllcache \ usbstor.sys
2008-01-05 18:55. 2008-01-05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008-01-05 09:16. 2008-01-05 09:16 <DIR> d -------- C: \ Program Files \ K-Lite Codec Pack
2008-01-04 16:13. 2008-01-04 16:13 <DIR> d -------- C: \ Program Files \ ZillaSoft.ws
2008-01-04 16:13. 2004-02-05 13:53 389.120 - ------ C: \ WINDOWS \ system32 \ actskn43.ocx
2008-01-04 16:13. 2004-01-09 04:54 188.416 - ------ C: \ WINDOWS \ system32 \ actsplash.ocx
2008-01-04 16:12. 2005-08-27 02:38 1.435.272 - ------ C: \ WINDOWS \ system32 \ Flash.ocx
2008-01-04 16:12. 2002-03-04 12:27 1.140.472 - ------ C: \ WINDOWS \ system32 \ IGUltraGrid20.ocx
2008-01-04 16:12. 2000-05-22 04:00 1.066.176 - ------ C: \ WINDOWS \ system32 \ mscomctl.ocx
2008-01-04 16:12. 2003-11-19 13:59 512.688 - ------ C: \ WINDOWS \ system32 \ XceedCry.dll
2008-01-04 16:12. 2001-07-28 12:50 265.753 - ------ C: \ WINDOWS \ system32 \ AS-Exp2.ocx
2008-01-04 16:12. 2004-03-08 23:00 131.856 - ------ C: \ WINDOWS \ system32 \ MSADODC.ocx
2008-01-04 16:12. 2000-07-14 23:00 118.784 - ------ C: \ WINDOWS \ system32 \ msstdfmt.dll
2008-01-04 16:12. 2000-07-15 05:00 101.888 - ------ C: \ WINDOWS \ system32 \ VB6STKIT.DLL
2008-01-04 16:12. 1999-01-26 19:36 11.012 - ------ C: \ WINDOWS \ system32 \ threadapi.tlb
2007-12-31 20:24. 2007-12-31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Ahead
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Yahoo!
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Kompanionas
2007-12-30 22:27. 2007-12-30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ WebCompiler3
2007-12-30 22:00. 2008-01-15 08:21 49 - ------ C: \ WINDOWS \ NeroDigital.ini
2007-12-30 21:58. 2007-12-30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ FDRLab
2007-12-29 20:21. 2007-12-29 20:21 <DIR> d -------- C: \ WINDOWS \ system32 \ QuickTime
2007-12-29 14:40. 2007-12-29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Incomplete
2007-12-29 14:39. 2008-01-12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ LimeWire
2007-12-29 14:39. 2007-09-24 23:31 69.632 - ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2007-12-29 14:37. 2007-12-29 14:38 <DIR> d -------- C: \ Program Files \ Java
2007-12-29 14:36. 2007-12-29 14:36 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2007-12-29 11:25. 2008-01-01 20:43 <DIR> d -------- C: \ Program Files \ LimeWire
2007-12-28 23:32. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2007-12-28 23:28. 2007-12-29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Installations
2007-12-28 22:36. 2007-12-28 22:36 <DIR> d -------- C: \ Program Files \ uTorrent
2007-12-28 22:36. 2008-01-14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ uTorrent
2007-12-28 22:13. 2007-12-28 22:13 <DIR> d -------- C: \ Program Files \ CCleaner
2007-12-28 19:48. 2007-12-28 19:50 <DIR> d -------- C: \ WINDOWS \ nView
2007-12-28 19:48. 2006-10-22 12:22 208.896 - ------ C: \ WINDOWS \ system32 \ nvudisp.exe
2007-12-28 19:48. 2008-01-15 21:49 88.566 - ------ C: \ WINDOWS \ system32 \ nvapps.xml
2007-12-28 19:48. 2006-10-22 12:22 17.056 - ------ C: \ WINDOWS \ system32 \ nvdisp.nvu
2007-12-28 19:47. 2006-10-22 15:06 208.896 - ------ C: \ WINDOWS \ system32 \ NVUNINST.EXE
2007-12-28 15:05. 2007-12-28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2007-12-28 14:55. 2007-12-28 15:03 <DIR> d -------- C: \ Program Files \ Yahoo!
2007-12-28 10:39. 2008-01-14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ SUPERAntiSpyware.com
2007-12-28 10:39. 2007-12-28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2007-12-28 09:13. 2007-12-28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-27 21:37. 2008-01-08 11:43 <DIR> d -------- C: \ Program Files \ EA SPORTS
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Support
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Main
2007-12-27 21:05. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Macromedia
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Internet Explorer
2007-12-27 21:03. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ DirectX "
2007-12-27 19:59. 2008-01-10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-27 19:58. 2008-01-07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ avg7
2007-12-27 19:58. 2007-12-27 19:58 499.712 - ------ C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-27 19:58. 2007-12-27 19:58 348.160 - ------ C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-27 18:48. 2007-12-27 18:48 <DIR> d -------- C: \ NVIDIA
2007-12-27 18:44. 2004-08-03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-27 18:44. 2004-08-03 23:10 10.880 - - --- C C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - - --- C C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-27 18:37. 2001-11-22 20:08 712.704 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2007-12-28 01:28 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 10:33 682.496 ---- AW C: \ WINDOWS \ system32 \ divx.dll
2007-11-30 07:30 3.596.288 ---- AW C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-30 07:28 81.920 ---- AW C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-21 18:23 81.920 ---- AW C: \ WINDOWS \ system32 \ frapsvid.dll
2007-11-07 09:26 721.920 ---- AW C: \ WINDOWS \ system32 \ Lsasrv.dll
2007-10-29 22:43 1.287.680 ---- AW C: \ WINDOWS \ system32 \ Quartz.dll
2007-10-28 01:40 227.328 ---- AW C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-22 11:39 267.272 ---- AW C: \ WINDOWS \ system32 \ xactengine2_10.dll
2007-10-22 11:37 17.928 ---- AW C: \ WINDOWS \ system32 \ X3DAudio1_2.dll
2007-10-17 17:23 10.752 ---- AW C: \ WINDOWS \ system32 \ WhoisCL.exe
2001-11-23 04:08 712.704 ---- ar C: \ Windows \ inf \ Other \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 08:24 1694208]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2004-07-07 17:28 155648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz" = "nwiz.exe" [2006-10-22 12:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "= C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT, C: \ WINDOWS \ system32 \ SetupNT.sys [2000-10-25 04:27]
* Naujai sukurta tarnyba * - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
Windows 5.1.2600 Service Pack 2 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
Atlikimo laikas: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---

**evilfantasy** · #7 Sausis 15, 2008, 10:12

Pirmiausia eikite į Šiame pavyzdyje ir įdiegti atkūrimo konsolę.

----------

Atsisiųsti FixIEDef iki ShadowPuterDude prie darbastalio.
Dukart spustelėkite FixIEDef.exe
- jei veikia Vista Spauskite Gerai apie FixIEDef veikia kaip administratorius popup

ĮSPĖJIMAS: FixIEDef bus nužudyti visas kopijas Internet Explorer ir Explorer kad dirbate per šalinti failus kenksminga. Piktogramos ir meniu darbalaukyje nebus matomas, o FixIEDef pašalinamos kenksmingos failus. Tai būtina siekiant pašalinti dalys infekcija, kuri kitu atveju nebūtų galima nuimti.

FixIEDef grįš viskas normaliai, kai jis baigė pašalinimo procesą.

Spauskite Atsijungti kartą FixIEDef rodomas Visi Pasibaigę žinutę.
Prisegti FixIEDef.log į šį pranešimą. Log bus darbalaukyje.

----------

Pradėti naują HijackThis skenavimo ir po žurnalą.

----------

Sekantis prašome pridėti
FixIEDef Prisijungti
Naujas HijackThis

jomm43point67 · #8 Sausis 15, 2008, 17:21

************************************************** ******************************
*
* FixIEDef Prisijungti *
* Versija 1.0.0.875 *
*
************************************************** ******************************
Sukurta 08:12:02 d. trečiadienis 16 sausis, 2008
Operacinė sistema: Windows XP
Service Pack Lygis: Service Pack 2
Sistemos Langauge: anglų
Processor: x86
-------------------------------------------------- ------------------------------
! Failai, kurie buvo ištrintas!
Nr kenksminga failai rasta
-------------------------------------------------- ------------------------------
! Katalogus, kurie buvo pašalinti!
Nr kenksminga katalogus reikia pašalinti
-------------------------------------------------- ------------------------------
! Registro įrašus, kurie buvo pašalinti!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5638-473A-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ DateTime
================================================== ==============================
Visi Priimta:)
ShadowPuterDude
Saugus Surfing!




Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 8:13:36 dėl 16/01/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ Freedo ~ 1 \ fdm.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Įrenginiai \ NKP \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] Rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekstinio meniu punktą: Atsisiųsti visus su Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti eiga su Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti video su Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti su Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Paslaugos - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
--
End of file - 5.838 baitų

**evilfantasy** · #9 Sausis 15, 2008, 17:32

Java yra pasenusi palieka jūsų sistema yra pažeidžiama.
Senesnės versijos Java yra pažeidžiamas, kad programinė įranga gali naudoti užkrėsti savo sistemą.

Eiti į>> http://java.sun.com/javase/downloads/index.jsp
On Sun Java puslapis pereikite prie 4-Download Java Runtime Environment (JRE) 6 Update 4 įdiegti naują versiją.
Toliau eiti į Add / Remove Programs ir pašalinkite visus senesnės versijos.
Negalima pašalinti Java (JRE) 6 Update 4.
Tada eikite į C: \ Program Files \Java ir i ¹ trinti senus aplankus.
Būtinai išlaikyti jre1.6.0_04

Prisijungti atrodo gerai dabar.

Kaip kompiuterį?

jomm43point67 · #10 Sausis 15, 2008, 23:16

Wow! Pagaliau! I išmontuoti 4 Adware-Trojos arklys!

Big Thanks to you sir!
MORE POWER!

This site is so cool! _m /