Some websites don't work, popups keep appearing


(Psota) #1

The problem is as follows.

Some websites won't open, e.g. gmail.com, dobreprogramy.pl

Avast detected a few trojans but can't deal with them

Popups keep appearing that advertise "antiviruses", e.g. "antivirus2009", "frescan.php"

Logfile of Trend Micro HijackThis v2.0.2 

Scan saved at 02:53:10, on 2008-08-05 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v7.00 (7.00.6000.16674) 

Boot mode: Normal 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

C:\Program Files\Alwil Software\Avast4\ashServ.exe 

C:\WINDOWS\Explorer.EXE 

C:\WINDOWS\system32\spoolsv.exe 

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe 

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe 

C:\WINDOWS\system32\ICO.EXE 

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 

C:\WINDOWS\system32\igfxtray.exe 

C:\WINDOWS\system32\hkcmd.exe 

C:\WINDOWS\system32\igfxpers.exe 

C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe 

C:\Program Files\Common Files\LightScribe\LSSrvc.exe 

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe 

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 

C:\Program Files\Vongo\VongoService.exe 

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 

C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe 

C:\WINDOWS\system32\wscntfy.exe 

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 

C:\Program Files\Winamp\winampa.exe 

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE 

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe 

C:\Program Files\Konnekt\konnekt.exe 

C:\Program Files\Skype\Phone\Skype.exe 

C:\WINDOWS\system32\ctfmon.exe 

C:\WINDOWS\System32\svchost.exe 

C:\Program Files\Vongo\Tray.exe 

C:\WINDOWS\system32\rundll32.exe 

C:\WINDOWS\system32\igfxsrvc.exe 

C:\Program Files\Skype\Plugin Manager\skypePM.exe 

C:\Program Files\Mozilla Firefox\firefox.exe 

C:\Program Files\Common Files\Teleca Shared\Generic.exe 

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe 

C:\WINDOWS\system32\rundll32.exe 

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe 

C:\Program Files\WinRAR\WinRAR.exe 

C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX02.625\HijackThis.exe 

C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX20.250\HijackThis.exe 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 

O2 - BHO: (no name) - {3DA79C82-2C67-42E9-BE4A-406BC596E1E5} - C:\WINDOWS\system32\iifdefEW.dll 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 

O2 - BHO: (no name) - {9160B539-1B91-409A-98BA-985C2349FEEB} - C:\WINDOWS\system32\cbXRLFYR.dll 

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe 

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE 

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe 

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe 

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe 

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe 

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup 

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start 

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions 

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 

O4 - HKLM\..\Run: [BMc3c3f8a7] Rundll32.exe "C:\WINDOWS\system32\rvqinwme.dll",s 

O4 - HKLM\..\Run: [c0f0cb3b] rundll32.exe "C:\WINDOWS\system32\puorinjy.dll",b 

O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart 

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') 

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') 

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe 

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 

O20 - Winlogon Notify: cbXRLFYR - C:\WINDOWS\SYSTEM32\cbXRLFYR.dll 

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe 

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe 

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) 

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe 


-- 

End of file - 8514 bytes

(huber2t) #2

Fix in HijackThis

Download ComboFix, but don't run it. Open Notepad and paste the following into it:

File::

C:\WINDOWS\system32\iifdefEW.dll

C:\WINDOWS\system32\cbXRLFYR.dll

C:\WINDOWS\system32\rvqinwme.dll

C:\WINDOWS\system32\puorinjy.dll

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created, which you should post on the forum.

Post logs on http://wklejto.pl or http://wklej.org and put only the link in your post.