Nid help! ~ Es nevaru noņemt šo adware / vīrusu!

jomm43point67 · #1 Janvāris 14, 2008, 19:29

Vārds: Trojan.Win32.Obfuscated.gx Tips: Trojan Riska ietekme: Ļoti augsts Fake kritisks sistēmas kļūda brīdinājums

**evilfantasy** · #2 Janvāris 14, 2008, 21:18

Lets get HJT log.

Lejupielādējiet un pārdēvēt HijackThis (HJT)

Double-click uz HJTInstall.
Noklikšķiniet uz Install pogu.
Tas automātiski novietot HJT in C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Pēc instalēšanas, HijackThis jāatver jums.
- Aizvērt HijackThis un pārdēvēt to.
- Iet uz C: \ Program Files \ Trend Micro \HijackThis.exe
- Tiesības, noklikšķiniet uz HijackThis.exe un izvēlieties Pārdēvēt.
- Tips sniper.exe un nospiediet Enter.
- Right-click uz sniper.exe un izvēlieties Sūtīt > Desktop (izveidot īsceļu)
No darbvirsmas atvērts HiackThis.
Ja lietojat Windows Vista, pārliecinieties, ka Run As Administrator
Noklikšķiniet uz Vai sistēmas skenēšanu un saglabāt log failu poga
HijackThis skenēs un tad log atvērsies notepad.
Nokopējiet un ielīmējiet log in your post.
- Nav ir HijackThis noteikt kaut kas vēl. Lielākā daļa no tā konstatē, būs nekaitīgi, vai pat ir.

Pat ja mums ir pārdēvēta HijackThis ir snaiperis, mēs vēl aizvien norādīs uz to, HijackThis vai HJT.

Next post lūdzu, pievienojiet
HijackThis log

jomm43point67 · #3 Janvāris 14, 2008, 23:55

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 2:49:52 gada 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Windows \ Explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Pakalpojumi Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] RunDll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
Ø8 - ārpus konteksta menu item: Download visām Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
Ø8 - ārpus konteksta menu item: Download izvēlētas, Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
Ø8 - ārpus konteksta menu item: Download video ar Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
Ø8 - ārpus konteksta menu item: Download ar Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of failu - 5.867 bytes

**evilfantasy** · #4 Janvāris 15, 2008, 00:47

Log neuzrāda malware vispār.

Aktivizēt šo un pēc log vēlāk.

Lūdzu, lejupielādējiet Combofix ar subs no vienas no saitēm.
(Try visi trīs, ja nepieciešams)

SVARĪGI - Combofix.exe Jābūt saglabāta jūsu savu Desktop.

Aizveriet visas atvērtās interneta pārlūkprogrammas. (Firefox, Internet Explorer uc)
Aizvērt / izslēgt visi pret vīrusu un pret ļaunprātīgu programmatūru programmas lai viņi netraucē Combofix. <- IMPORTANT
- Noklikšķiniet uz šo saiti redzēt programmu sarakstu, kas ir atspējota. Ja jūsu valsts nav sarakstā, un jūs nezināt, kā atspējot, lūdzu, jautājiet.
Dubultklikšķi combofix.exe un sekojiet norādījumiem.
- No tastatūras izvēlētos 1 un nospiediet Enter
Kad pabeigts, tas rada log for you.
Dienests, log jūsu nākamo atbildi.

Nav mouseclick combofix loga kamēr tas darbojas.
Skenēšana uz laiku apturēt jūsu darbvirsmas.
Ja pārtraukta tā var atstāt datoru iesaldēti.
Ja tā notiek, lūdzu pārstartējiet atjaunošanai darbvirsmas.

**evilfantasy** · #5 Janvāris 15, 2008, 08:52

Thats ne visu žurnālu.

Ja jums iet uz C: \ combofix.txt un pēc visu žurnālu.

jomm43point67 · #6 Janvāris 15, 2008, 09:47

Quote:

Originally Posted by evilfantasy

Thats ne visu žurnālu.

Ja jums jādodas uz C: combofix.txt un pēc visu žurnālu.

ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Sākot no: C: \ Downloads \ Software \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu
WARNING, šī mašīna nav atkop Installed!
.
((((((((((((((((((((((((( Faili Created no 2007/12/16 līdz 2008/01/16 ))))))))))) ))))))))))))))))))))
.
2008/01/15 22:29. 2000/08/31 08:00 51.200 - ------ C: \ WINDOWS \ NirCmd.exe
2008/01/15 14:46. 2008/01/15 14:46 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/01/15 13:35. 2008/01/15 13:36 <DIR> d -------- C: \ Program Files \ Common Files \ Adobe
2008/01/15 12:08. 2007/10/10 15:55 6.065.664 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008/01/15 12:08. 2007/06/30 19:31 2.455.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dat
2008/01/15 12:08. 2007/06/30 19:36 991.232 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll.mui
2008/01/15 12:08. 2007/10/10 15:55 459.264 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeeds.dll
2008/01/15 12:08. 2007/10/10 15:55 383.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dll
2008/01/15 12:08. 2007/10/10 15:55 267.776 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ iertutil.dll
2008/01/15 12:08. 2007/10/10 15:55 63.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ icardie.dll
2008/01/15 12:08. 2007/10/10 15:55 52.224 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeedsbs.dll
2008/01/15 12:08. 2007/10/10 02:59 13.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008/01/15 09:09. 2004/08/03 08:56 221.184 - ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008/01/15 08:13. 2008/01/15 08:13 <DIR> d -------- C: \ Program Files \ Fraps
2008/01/15 01:15. 2008/01/15 12:49 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008/01/15 01:15. 2006/09/06 17:43 22.752 - ------ C: \ WINDOWS \ system32 \ spupdsvc.exe
2008/01/15 00:59. 2008/01/15 00:59 <DIR> d -------- C: \ Program Files \ IObit
2008/01/15 00:55. 2008/01/15 00:55 1.167 - ------ C: \ WINDOWS \ mozver.dat
2008/01/15 00:00. 2008/01/15 00:01 1.074 - ------ C: \ WINDOWS \ system32 \ tmp.reg
2008/01/14 23:05. 2008/01/14 23:23 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/14 23:04. 2008/01/14 23:04 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/01/14 22:39. 2008/01/14 23:00 <DIR> d -------- C: \ Program Files \ EsetOnlineScanner
2008/01/14 22:31. 2008/01/14 22:31 <DIR> d -------- C: \ Downloads
2008/01/13 13:51. 2008/01/13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ NCH Swift Sound
2008/01/13 13:51. 2008/01/13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NCH Swift Sound
2008/01/13 13:50. 2008/01/13 17:35 <DIR> d -------- C: \ Program Files \ NCH Swift Sound
2008/01/13 08:30. 2008/01/13 08:30 <DIR> d -------- C: \ Program Files \ HELP
2008/01/13 08:10. 2008/01/13 08:10 <DIR> d -------- C: \ Program Files \ Free Download Manager
2008/01/13 08:10. 2008/01/15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Free Download Manager
2008/01/13 08:10. 2008/01/13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FreeDownloadManager.ORG
2008/01/12 20:03. 2008/01/12 20:03 <DIR> d -------- C: \ Program Files \ AVI MPEG RM WMV Splitter
2008/01/12 18:38. 2008/01/12 18:39 26 - ------ C: \ WINDOWS \ system32 \ satsukidecodersettings.ini
2008/01/08 06:45. 2008/01/14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/01/08 06:44. 2006/05/25 14:52 162.304 - ------ C: \ WINDOWS \ system32 \ ztvunrar36.dll
2008/01/08 06:44. 2003/02/02 19:06 153.088 - ------ C: \ WINDOWS \ system32 \ UNRAR3.dll
2008/01/08 06:44. 2005/08/26 00:50 77.312 - ------ C: \ WINDOWS \ system32 \ ztvunace26.dll
2008/01/08 06:44. 2002/03/06 00:00 75.264 - ------ C: \ WINDOWS \ system32 \ unacev2.dll
2008/01/08 06:44. 2006/06/19 12:01 69.632 - ------ C: \ WINDOWS \ system32 \ ztvcabinet.dll
2008/01/07 21:59. 2008/01/07 21:59 <DIR> d --- s ---- C: \ Documents and Settings \ Jomel \ lietotāju datu
2008/01/06 20:56. 2004/08/03 23:08 26.496 - - c --- C: \ WINDOWS \ system32 \ dllcache \ usbstor.sys
2008/01/05 18:55. 2008/01/05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008/01/05 09:16. 2008/01/05 09:16 <DIR> d -------- C: \ Program Files \ K-Lite Codec Pack
2008/01/04 16:13. 2008/01/04 16:13 <DIR> d -------- C: \ Program Files \ ZillaSoft.ws
2008/01/04 16:13. 2004/02/05 13:53 389.120 - ------ C: \ WINDOWS \ system32 \ actskn43.ocx
2008/01/04 16:13. 2004/01/09 04:54 188.416 - ------ C: \ WINDOWS \ system32 \ actsplash.ocx
2008/01/04 16:12. 2005/08/27 02:38 1.435.272 - ------ C: \ WINDOWS \ system32 \ Flash.ocx
2008/01/04 16:12. 2002/03/04 12:27 1.140.472 - ------ C: \ WINDOWS \ system32 \ IGUltraGrid20.ocx
2008/01/04 16:12. 2000/05/22 04:00 1.066.176 - ------ C: \ WINDOWS \ system32 \ mscomctl.ocx
2008/01/04 16:12. 2003/11/19 13:59 512.688 - ------ C: \ WINDOWS \ system32 \ XceedCry.dll
2008/01/04 16:12. 2001/07/28 12:50 265.753 - ------ C: \ WINDOWS \ system32 \ AS-Exp2.ocx
2008/01/04 16:12. 2004/03/08 23:00 131.856 - ------ C: \ WINDOWS \ system32 \ MSADODC.ocx
2008/01/04 16:12. 2000/07/14 23:00 118.784 - ------ C: \ WINDOWS \ system32 \ msstdfmt.dll
2008/01/04 16:12. 2000/07/15 05:00 101.888 - ------ C: \ WINDOWS \ system32 \ VB6STKIT.DLL
2008/01/04 16:12. 1999/01/26 19:36 11.012 - ------ C: \ WINDOWS \ system32 \ threadapi.tlb
2007/12/31 20:24. 2007/12/31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Ahead
2007/12/31 17:07. 2007/12/31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Yahoo!
2007/12/31 17:07. 2007/12/31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2007/12/30 22:27. 2007/12/30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ WebCompiler3
2007/12/30 22:00. 2008/01/15 08:21 49 - ------ C: \ WINDOWS \ NeroDigital.ini
2007/12/30 21:58. 2007/12/30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ FDRLab
2007/12/29 20:21. 2007/12/29 20:21 <DIR> d -------- C: \ WINDOWS \ system32 \ QuickTime
2007/12/29 14:40. 2007/12/29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Nepilnīga
2007/12/29 14:39. 2008/01/12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ limewire
2007/12/29 14:39. 2007/09/24 23:31 69.632 - ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2007/12/29 14:37. 2007/12/29 14:38 <DIR> d -------- C: \ Program Files \ Java
2007/12/29 14:36. 2007/12/29 14:36 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2007/12/29 11:25. 2008/01/01 20:43 <DIR> d -------- C: \ Program Files \ limewire
2007/12/28 23:32. 2007/12/29 21:36 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2007/12/28 23:28. 2007/12/29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Iekārtas
2007/12/28 22:36. 2007/12/28 22:36 <DIR> d -------- C: \ Program Files \ uTorrent
2007/12/28 22:36. 2008/01/14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ uTorrent
2007/12/28 22:13. 2007/12/28 22:13 <DIR> d -------- C: \ Program Files \ CCleaner
2007/12/28 19:48. 2007/12/28 19:50 <DIR> d -------- C: \ WINDOWS \ nView
2007/12/28 19:48. 2006/10/22 12:22 208.896 - ------ C: \ WINDOWS \ system32 \ nvudisp.exe
2007/12/28 19:48. 2008/01/15 21:49 88.566 - ------ C: \ WINDOWS \ system32 \ nvapps.xml
2007/12/28 19:48. 2006/10/22 12:22 17.056 - ------ C: \ WINDOWS \ system32 \ nvdisp.nvu
2007/12/28 19:47. 2006/10/22 15:06 208.896 - ------ C: \ WINDOWS \ system32 \ NVUNINST.EXE
2007/12/28 15:05. 2007/12/28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2007/12/28 14:55. 2007/12/28 15:03 <DIR> d -------- C: \ Program Files \ Yahoo!
2007/12/28 10:39. 2008/01/14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ SUPERAntiSpyware.com
2007/12/28 10:39. 2007/12/28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2007/12/28 09:13. 2007/12/28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007/12/27 21:37. 2008/01/08 11:43 <DIR> d -------- C: \ Program Files \ EA SPORTS
2007/12/27 21:05. 2006/09/29 20:42 <DIR> d -------- C: \ Program Files \ Support
2007/12/27 21:05. 2006/09/29 20:42 <DIR> d -------- C: \ Program Files \ galvenā
2007/12/27 21:05. 2007/12/29 21:36 <DIR> d -------- C: \ Program Files \ Macromedia
2007/12/27 21:05. 2006/09/29 20:42 <DIR> d -------- C: \ Program Files \ IE
2007/12/27 21:03. 2006/09/29 20:42 <DIR> d -------- C: \ Program Files \ DirectX
2007/12/27 19:59. 2008/01/10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ AVG7
2007/12/27 19:58. 2007/12/27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007/12/27 19:58. 2007/12/27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007/12/27 19:58. 2008/01/07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ avg7
2007/12/27 19:58. 2007/12/27 19:58 499.712 - ------ C: \ WINDOWS \ system32 \ msvcp71.dll
2007/12/27 19:58. 2007/12/27 19:58 348.160 - ------ C: \ WINDOWS \ system32 \ msvcr71.dll
2007/12/27 18:48. 2007/12/27 18:48 <DIR> d -------- C: \ NVIDIA
2007/12/27 18:44. 2004/08/03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007/12/27 18:44. 2004/08/03 23:10 10.880 - - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007/12/27 18:44. 2004/08/03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007/12/27 18:44. 2004/08/03 22:58 5.504 - - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007/12/27 18:37. 2001/11/22 20:08 712.704 - - c --- C: \ WINDOWS \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/01/15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2007/12/28 01:28 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007/12/04 10:33 682.496 ---- aw C: \ WINDOWS \ system32 \ divx.dll
2007/11/30 07:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007/11/30 07:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007/11/21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007/11/07 09:26 721.920 ---- aw C: \ WINDOWS \ system32 \ lsasrv.dll
2007/10/29 22:43 1.287.680 ---- aw C: \ WINDOWS \ system32 \ quartz.dll
2007/10/28 01:40 227.328 ---- aw C: \ WINDOWS \ system32 \ wmasf.dll
2007/10/22 11:39 267.272 ---- aw C: \ WINDOWS \ system32 \ xactengine2_10.dll
2007/10/22 11:37 17.928 ---- aw C: \ WINDOWS \ system32 \ X3DAudio1_2.dll
2007/10/17 17:23 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2001/11/23 04:08 712.704 ---- ar C: \ WINDOWS \ inf \ CITI \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007/06/21 14:06 1.318.912]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004/10/13 08:24 1.694.208]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/03 08:56 15.360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2004/07/07 17:28 155.648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007/12/27 19:58 579.072]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006/10/22 12:22 7.700.480]
"nwiz" = "nwiz.exe" [2006/10/22 12:22 1.622.016 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006/10/22 12:22 86.016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007/09/25 01:11 132.496]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007/10/10 19:51 39.792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007/12/27 19:58 219.136]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006/12/20 13:55 77.824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007/04/19 13:41 294.912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT, C: \ WINDOWS \ system32 \ SetupNT.sys [2000/10/25 04:27]
* Jaunizveidoto Service * - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/01/15 22:31:35
Windows 5.1.2600 Service Pack 2 NTFS
skenēšana slēptās procesi ...
skenēšana slēptās palaišana ieraksti ...
skenēšana slēptos failus ...
scan sekmīgi pabeigta
slēptos failus: 0
************************************************** ************************
.
Pabeigšanas laiks: 2008/01/15 22:32:38
.
2008/01/15 20:49:48 --- EOF ---

**evilfantasy** · #7 Janvāris 15, 2008, 10:12

Pirmais iet uz šī apmācība un instalētu atkopšanas konsoli.

----------

Lejupielādēt FixIEDef ar ShadowPuterDude uz Desktop.
Veiciet dubultklikšķi uz FixIEDef.exe
- ja darbojas Vista, noklikšķiniet uz OK par FixIEDef darbojas kā administrators popup

WARNING: FixIEDef būs nogalināt visus eksemplārus Internet Explorer un Explorer , kas darbojas, veicot izraidīšanas ļaunprātīgu failus. Ikonas un izvēlnes Sākt savā datorā nebūs redzams, kamēr FixIEDef ir novērst ļaunprātīgu failus. Tas ir nepieciešams, lai novērstu daļas infekcija, kas citādi nevar noņemt.

FixIEDef atgriezīsies viss normālas, un, kad tas ir pabeigts noņemšanas process.

Click Iziet vienreiz FixIEDef parāda visas gatavās ziņu.
Pievienot FixIEDef.log uz nākamo ziņojumu. Log būs uz jūsu rakstāmgalda.

----------

Palaist jaunu HijackThis skenēšanas un pasta žurnālā.

----------

Next post lūdzu, pievienojiet
FixIEDef log
New HijackThis log

jomm43point67 · #8 Janvāris 15, 2008, 17:21

************************************************** ******************************
* *
* FixIEDef Log *
* Version 1.0.0.875 *
* *
************************************************** ******************************
Created at 08:12:02 no trešdiena 16 janvāris, 2008
Operating System: Windows XP
Service Pack Level: Service Pack 2
Sistēma Langauge: Angļu
Procesors: X86
-------------------------------------------------- ------------------------------
! Failus, kas ir izdzēsti!
Nav ļaunprātīga faili atrasti
-------------------------------------------------- ------------------------------
! Katalogi, kas ir noņemtas!
Nav ļaunprātīga katalogi noņemt
-------------------------------------------------- ------------------------------
! Reģistra ieraksti, kas ir noņemtas!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5.638-473A-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ DateTime
================================================== ==============================
Visi Done:)
ShadowPuterDude
Drošu sērfošanu!




Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 8:13:36 gada 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Windows \ Explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ WINDOWS \ system32 \ NOTEPAD.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Pakalpojumi Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] RunDll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
Ø8 - ārpus konteksta menu item: Download visām Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
Ø8 - ārpus konteksta menu item: Download izvēlētas, Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
Ø8 - ārpus konteksta menu item: Download video ar Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
Ø8 - ārpus konteksta menu item: Download ar Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
--
End of failu - 5.838 bytes

**evilfantasy** · #9 Janvāris 15, 2008, 17:32

Java ir novecojusi neizejot no sistēmas neaizsargātību.
Vecākas versijas Java ir ievainojamības, ka ļaundabīgās programmas var izmantot, lai inficēt jūsu sistēmā.

Iet uz>> http://java.sun.com/javase/downloads/index.jsp
On Sun Java lapā atrodiet 4. lejupielādēt Java Runtime Environment (JRE) 6 Update 4 uzstādīt jauno versiju.
Blakus iet uz Pievienot / noņemt programmas un noņemt visus vecākas versijas.
Vai nevar atinstalēt Java (JRE) 6 Update 4.
Tad iet uz C: \ Program Files \Java un dzēst vecās mapes.
Noteikti saglabāt jre1.6.0_04

Log izskatās naudas tagad.

Kā dators tagad?

jomm43point67 · #10 Janvāris 15, 2008, 23:16

wow! beidzot! i nomontēt 4 adware-trojans!

Liels paldies jums sir!
vairāk varas!

šī lapa ir tik foršs! _m /