
Need help! ~ I can't remove this adware / virus!




#1
14 January 2008, 19:29
New Member Group

Name: Trojan.Win32.Obfuscated.gx
Type: Trojan
Impact risk: Extremely high
Fake critical system error warning
#2
14 January 2008, 21:18
Moderator Group

Let's get an HJT log.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop, open HijackThis.
  • If you are using Windows Vista, make sure to Run as administrator
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the log into your next post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

Before posting, please add
HijackThis log
__________________

#3
14 January 2008, 23:55
New Member Group

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 2:49:52, pe 15/01/2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Windows \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: & Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: Descarcă toate cu Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra context menu item: Download Free Download ales cu Manager - file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra context menu item: Download video cu Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra context menu item: Download cu Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe

--
Sfârşit de fişier - 5867 bytes
#4
15 January 2008, 00:47
Moderator Group

The log doesn't show any malware at all.

Run this and post the log afterwards.

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - ComboFix.exe MUST be saved to your Desktop.
  • Close any open browsers. (Firefox, Internet Explorer, etc.)
  • Close / disable all anti-virus and anti-malware programs so they do not interfere with ComboFix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe & follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click the ComboFix window while it is running.
The scan will temporarily disable your desktop.
If interrupted, it may leave your computer frozen.
If this happens, please restart the system to restore the desktop.
__________________

#5
15 January 2008, 08:52
Moderator Group

That's not the whole log.

If you need to, go to C:\combofix.txt and post the whole log.
__________________

#6
15 January 2008, 09:47
New Member Group

Quote:
Originally Posted by evilfantasy
That's not the whole log.

If you need to, go to C:\combofix.txt and post the whole log.
ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Rularea de la: C: \ Downloads \ Software \ ComboFix.exe
* Creat un nou punct de restabilire
AVERTISMENT-această maşină nu are instalat Consola de recuperare!!
.
((((((((((((((((((((((((( Fişierele create de 2007-12-16 la 2008-01-16 ))))))))))) ))))))))))))))))))))
.
2008-01-15 22:29. 2000-08-31 08:00 51,200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 14:46. 2008-01-15 14:46 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 13:35. 2008-01-15 13:36 <DIR> d -------- C: \ Program Files \ Common Files \ Adobe
2008-01-15 12:08. 2007-10-10 15:55 6.065.664 ----- c --- C: \ Windows \ system32 \ dllcache \ ieframe.dll
2008-01-15 12:08. 2007-06-30 19:31 2.455.488 ----- c --- C: \ Windows \ system32 \ dllcache \ ieapfltr.dat
2008-01-15 12:08. 2007-06-30 19:36 991.232 ----- c --- C: \ Windows \ system32 \ dllcache \ ieframe.dll.mui
2008-01-15 12:08. 2007-10-10 15:55 459.264 ----- c --- C: \ Windows \ system32 \ dllcache \ msfeeds.dll
2008-01-15 12:08. 2007-10-10 15:55 383.488 ----- c --- C: \ Windows \ system32 \ dllcache \ ieapfltr.dll
2008-01-15 12:08. 2007-10-10 15:55 267.776 ----- c --- C: \ Windows \ system32 \ dllcache \ iertutil.dll
2008-01-15 12:08. 2007-10-10 15:55 63.488 ----- c --- C: \ Windows \ system32 \ dllcache \ icardie.dll
2008-01-15 12:08. 2007-10-10 15:55 52.224 ----- c --- C: \ Windows \ system32 \ dllcache \ msfeedsbs.dll
2008-01-15 12:08. 2007-10-10 02:59 13.824 ----- c --- C: \ Windows \ system32 \ dllcache \ ieudinit.exe
2008-01-15 09:09. 2004-08-03 08:56 221,184 - a ------ C: \ Windows \ system32 \ wmpns.dll
2008-01-15 08:13. 2008-01-15 08:13 <DIR> d -------- C: \ Program Files \ Fraps
2008-01-15 01:15. 2008-01-15 12:49 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-15 01:15. 2006-09-06 17:43 22.752 - a ------ C: \ Windows \ system32 \ spupdsvc.exe
2008-01-15 00:59. 2008-01-15 00:59 <DIR> d -------- C: \ Program Files \ IObit
2008-01-15 00:55. 2008-01-15 00:55 1.167 - o ------ C: \ WINDOWS \ mozver.dat
2008-01-15 00:00. 2008-01-15 00:01 1.074 - o ------ C: \ Windows \ system32 \ tmp.reg
2008-01-14 23:05. 2008-01-14 23:23 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-14 23:04. 2008-01-14 23:04 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-14 22:39. 2008-01-14 23:00 <DIR> d -------- C: \ Program Files \ EsetOnlineScanner
2008-01-14 22:31. 2008-01-14 22:31 <DIR> d -------- C: \ Downloads
2008-01-13 13:51. 2008-01-13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ NCH Swift Sound
2008-01-13 13:51. 2008-01-13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NCH Swift Sound
2008-01-13 13:50. 2008-01-13 17:35 <DIR> d -------- C: \ Program Files \ NCH Swift Sound
2008-01-13 08:30. 2008-01-13 08:30 <DIR> d -------- C: \ Program Files \ HELP
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Program Files \ Free Download Manager
2008-01-13 08:10. 2008-01-15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Free Download Manager
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FreeDownloadManager.ORG
2008-01-12 20:03. 2008-01-12 20:03 <DIR> d -------- C: \ Program Files \ AVI MPEG RM WMV separator
2008-01-12 18:38. 2008-01-12 18:39 26 - a ------ C: \ Windows \ system32 \ satsukidecodersettings.ini
2008-01-08 06:45. 2008-01-14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-01-08 06:44. 2006-05-25 14:52 162.304 - a ------ C: \ Windows \ system32 \ ztvunrar36.dll
2008-01-08 06:44. 2003-02-02 19:06 153.088 - a ------ C: \ Windows \ system32 \ UNRAR3.dll
2008-01-08 06:44. 2005-08-26 00:50 77,312 - a ------ C: \ Windows \ system32 \ ztvunace26.dll
2008-01-08 06:44. 2002-03-06 00:00 75,264 - a ------ C: \ Windows \ system32 \ unacev2.dll
2008-01-08 06:44. 2006-06-19 12:01 69,632 - a ------ C: \ Windows \ system32 \ ztvcabinet.dll
2008-01-07 21:59. 2008-01-07 21:59 <DIR> d --- s ---- C: \ Documents and Settings \ Jomel \ userdata
2008-01-06 20:56. 2004-08-03 23:08 26.496 - a - c --- C: \ Windows \ system32 \ dllcache \ usbstor.sys
2008-01-05 18:55. 2008-01-05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008-01-05 09:16. 2008-01-05 09:16 <DIR> d -------- C: \ Program Files \ K-Lite Codec Pack
2008-01-04 16:13. 2008-01-04 16:13 <DIR> d -------- C: \ Program Files \ ZillaSoft.ws
2008-01-04 16:13. 2004-02-05 13:53 389,120 - a ------ C: \ Windows \ system32 \ actskn43.ocx
2008-01-04 16:13. 2004-01-09 04:54 188.416 - a ------ C: \ Windows \ system32 \ actsplash.ocx
2008-01-04 16:12. 2005-08-27 02:38 1,435,272 - a ------ C: \ Windows \ system32 \ Flash.ocx
2008-01-04 16:12. 2002-03-04 12:27 1,140,472 - a ------ C: \ Windows \ system32 \ IGUltraGrid20.ocx
2008-01-04 16:12. 2000-05-22 04:00 1,066,176 - a ------ C: \ Windows \ system32 \ mscomctl.ocx
2008-01-04 16:12. 2003-11-19 13:59 512.688 - a ------ C: \ Windows \ system32 \ XceedCry.dll
2008-01-04 16:12. 2001-07-28 12:50 265,753 - a ------ C: \ Windows \ system32 \ AS-Exp2.ocx
2008-01-04 16:12. 2004-03-08 23:00 131.856 - a ------ C: \ Windows \ system32 \ MSADODC.ocx
2008-01-04 16:12. 2000-07-14 23:00 118.784 - a ------ C: \ Windows \ system32 \ msstdfmt.dll
2008-01-04 16:12. 2000-07-15 05:00 101,888 - a ------ C: \ Windows \ system32 \ VB6STKIT.DLL
2008-01-04 16:12. 1999-01-26 19:36 11,012 - a ------ C: \ Windows \ system32 \ threadapi.tlb
2007-12-31 20:24. 2007-12-31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Ahead
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Yahoo!
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2007-12-30 22:27. 2007-12-30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ WebCompiler3
2007-12-30 22:00. 2008-01-15 08:21 49 - a ------ C: \ WINDOWS \ NeroDigital.ini
2007-12-30 21:58. 2007-12-30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ FDRLab
2007-12-29 20:21. 2007-12-29 20:21 <DIR> d -------- C: \ Windows \ system32 \ QuickTime
2007-12-29 14:40. 2007-12-29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ incomplete
2007-12-29 14:39. 2008-01-12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ LimeWire
2007-12-29 14:39. 2007-09-24 23:31 69.632 - a ------ C: \ Windows \ system32 \ javacpl.cpl
2007-12-29 14:37. 2007-12-29 14:38 <DIR> d -------- C: \ Program Files \ Java
2007-12-29 14:36. 2007-12-29 14:36 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2007-12-29 11:25. 2008-01-01 20:43 <DIR> d -------- C: \ Program Files \ LimeWire
2007-12-28 23:32. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2007-12-28 23:28. 2007-12-29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Instalatii
2007-12-28 22:36. 2007-12-28 22:36 <DIR> d -------- C: \ Program Files \ uTorrent
2007-12-28 22:36. 2008-01-14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ uTorrent
2007-12-28 22:13. 2007-12-28 22:13 <DIR> d -------- C: \ Program Files \ CCleaner
2007-12-28 19:48. 2007-12-28 19:50 <DIR> d -------- C: \ WINDOWS \ nView
2007-12-28 19:48. 2006-10-22 12:22 208.896 - a ------ C: \ Windows \ system32 \ nvudisp.exe
2007-12-28 19:48. 2008-01-15 21:49 88.566 - a ------ C: \ Windows \ system32 \ nvapps.xml
2007-12-28 19:48. 2006-10-22 12:22 17,056 - a ------ C: \ Windows \ system32 \ nvdisp.nvu
2007-12-28 19:47. 2006-10-22 15:06 208.896 - a ------ C: \ Windows \ system32 \ NVUNINST.EXE
2007-12-28 15:05. 2007-12-28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2007-12-28 14:55. 2007-12-28 15:03 <DIR> d -------- C: \ Program Files \ Yahoo!
2007-12-28 10:39. 2008-01-14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ SUPERAntiSpyware.com
2007-12-28 10:39. 2007-12-28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2007-12-28 09:13. 2007-12-28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-27 21:37. 2008-01-08 11:43 <DIR> d -------- C: \ Program Files \ EA SPORTS
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Support
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ principală
2007-12-27 21:05. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Macromedia
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ IE
2007-12-27 21:03. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ DirectX
2007-12-27 19:59. 2008-01-10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-27 19:58. 2008-01-07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ avg7
2007-12-27 19:58. 2007-12-27 19:58 499.712 - a ------ C: \ Windows \ system32 \ msvcp71.dll
2007-12-27 19:58. 2007-12-27 19:58 348.160 - a ------ C: \ Windows \ system32 \ msvcr71.dll
2007-12-27 18:48. 2007-12-27 18:48 <DIR> d -------- C: \ NVIDIA
2007-12-27 18:44. 2004-08-03 23:10 10,880 - a ------ C: \ Windows \ system32 \ drivers \ NdisIP.sys
2007-12-27 18:44. 2004-08-03 23:10 10.880 - a - c --- C: \ Windows \ system32 \ dllcache \ ndisip.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - o ------ C: \ Windows \ system32 \ drivers \ MSTEE.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - a - c --- C: \ Windows \ system32 \ dllcache \ mstee.sys
2007-12-27 18:37. 2001-11-22 20:08 712.704 - a - c --- C: \ Windows \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2007-12-28 01:28 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 10:33 682.496 ---- Aw C: \ Windows \ system32 \ divx.dll
2007-11-30 07:30 3.596.288 ---- Aw C: \ Windows \ system32 \ qt-dx331.dll
2007-11-30 07:28 81.920 ---- Aw C: \ Windows \ system32 \ dpl100.dll
2007-11-21 18:23 81.920 ---- Aw C: \ Windows \ system32 \ frapsvid.dll
2007-11-07 09:26 721.920 ---- Aw C: \ Windows \ system32 \ lsasrv.dll
2007-10-29 22:43 1.287.680 ---- Aw C: \ Windows \ system32 \ quartz.dll
2007-10-28 01:40 227.328 ---- Aw C: \ Windows \ system32 \ wmasf.dll
2007-10-22 11:39 267.272 ---- Aw C: \ Windows \ system32 \ xactengine2_10.dll
2007-10-22 11:37 17.928 ---- Aw C: \ Windows \ system32 \ X3DAudio1_2.dll
2007-10-17 17:23 10.752 ---- Aw C: \ Windows \ system32 \ WhoisCL.exe
2001-11-23 04:08 712.704 ---- ar C: \ WINDOWS \ inf \ ALTE \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 08:24 1694208]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2004-07-07 17:28 155648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz" = "nwiz.exe" [2006-10-22 12:22 1622016 C: \ Windows \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT; C: \ Windows \ system32 \ SetupNT.sys [2000-10-25 04:27]
* Newly Created Service * - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0
************************************************** ************************
.
Completion time: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---
#7
15 January 2008, 10:12
Moderator Group

First, go to this guide and install the Recovery Console.

----------
  • Download FixIEDef by ShadowPuterDude to your desktop.
  • Double-click FixIEDef.exe
    • If running Vista, click OK on the FixIEDef run as administrator popup
WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running during the removal of malware files. The icons and Start Menu on the desktop will not be visible while FixIEDef is removing malware files. This is necessary to remove parts of the infection that otherwise would not be removed.

FixIEDef will restore everything to normal when it has finished the removal process.
  • Click Exit once FixIEDef displays the All Done message.
  • Attach FixIEDef.log to your next message. The log will be on the desktop.
----------

Run a new HijackThis scan and post the log.

----------

Before posting, please add
FixIEDef log
New HijackThis log
__________________

#8
15 January 2008, 17:21
New Member Group

************************************************** ******************************
* *
* * FixIEDef Autentificare
* Version 1.0.0.875 *
* *
************************************************** ******************************
Creat la 08:12:02, miercuri, 16 ianuarie 2008
Sistem de operare: Windows XP
Service Pack Nivel: Service Pack 2
Sistemul de Langauge: engleză
Procesor: X86
-------------------------------------------------- ------------------------------
!!! Fişierele care au fost şterse!!!
Nu fisiere malware găsit
-------------------------------------------------- ------------------------------
!!! Directoarele care au fost eliminate!
Nu rău directoare pentru a fi eliminate
-------------------------------------------------- ------------------------------
!!! Intrările de registry care au fost eliminate!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5638-473A-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Datetime
================================================== ==============================
Toate Adoptată:)
ShadowPuterDude
Navigarea în siguranţă!

<!------------------------------------------------ -------------->
<!------------------------------------------------ -------------->

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 8:13:36, pe 16/01/2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Windows \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Windows \ system32 \ svchost.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Windows \ system32 \ NOTEPAD.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: & Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: Descarcă toate cu Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra context menu item: Download Free Download ales cu Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra context menu item: Download video cu Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra context menu item: Download cu Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
--
Sfârşit de fişier - 5838 bytes
#9
15 January 2008, 17:32
Moderator Group

Java is out of date, leaving your system vulnerable.
Older versions of Java have vulnerabilities that malware can use to infect your system.

Go to >> http://java.sun.com/javase/downloads/index.jsp
On the Sun Java page, scroll to the 4th download, Java Runtime Environment (JRE) 6 Update 4, to install the new version.
Beforehand, go to Add / Remove Programs and remove all older versions.
Do not uninstall Java (JRE) 6 Update 4.
Then go to C:\Program Files\Java and delete the old folders.
Make sure to keep jre1.6.0_04


The log looks good now.

How is the computer now?
__________________
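
An added example, not part of the original thread and not code from HijackThis or any poster: a small Python parser for the HijackThis log format posted above. It undoes the spacing the forum introduced in paths, lists the O4 registry autostart entries, flags JRE builds older than the jre1.6.0_04 the moderator says to keep, and diffs the running-process lists of two scans. The function names are assumptions of this example, and the two sample logs are shortened excerpts of the logs in this thread.

```python
import re
from collections import Counter

# Section codes HijackThis puts in front of each finding (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                          # a running-process line
RUN_RE = re.compile(r"^(.+?)\\\.\.\\(\w+): \[(.+?)\] (.*)$")   # O4 registry autostart
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)

# Shortened excerpts of the two scans, with the path spacing exactly as posted.
BEFORE = r"""
Running processes:
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
"""

AFTER = r"""
Running processes:
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Windows \ system32 \ NOTEPAD.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
"""


def normalize(line):
    """Remove the spaces inserted around backslashes and in 8.3 short names."""
    line = re.sub(r"\s*\\\s*", r"\\", line.strip())
    return re.sub(r"\s*~\s*", "~", line)


def parse_hjt(text):
    """Split a log into running-process paths and (code, body) findings."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = normalize(raw)
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif PATH_RE.match(line):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autostarts(log):
    """Return (hive, value name, command) for each O4 registry Run-key entry."""
    found = []
    for code, body in log["entries"]:
        match = RUN_RE.match(body) if code == "O4" else None
        if match:
            found.append((match.group(1), match.group(3), match.group(4)))
    return found


def outdated_jre(log, minimum=(1, 6, 0, 4)):
    """List JRE versions seen anywhere in the log that are below `minimum`."""
    found = set()
    for item in log["processes"] + [body for _, body in log["entries"]]:
        for match in JRE_RE.finditer(item):
            version = tuple(int(part) for part in match.groups())
            if version < minimum:
                found.add(version)
    return sorted(found)


def diff_processes(before, after):
    """Return (started, stopped) process paths; a Counter keeps repeated svchost.exe lines."""
    old = Counter(p.lower() for p in before["processes"])
    new = Counter(p.lower() for p in after["processes"])
    return sorted((new - old).elements()), sorted((old - new).elements())


if __name__ == "__main__":
    first, second = parse_hjt(BEFORE), parse_hjt(AFTER)
    for hive, name, command in autostarts(first):
        print(f"autostart {hive} [{name}] -> {command}")
    print("outdated JRE builds:", outdated_jre(first))
    started, stopped = diff_processes(first, second)
    print("started since first scan:", started)
    print("stopped since first scan:", stopped)
```
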

#10
15 January 2008, 23:16
New Member Group

wow! Finally! i removed 4 adware-trojans!!!

A big thank you to you sir!
more power!

this site is so cool! \m/