Witam wszystkich serdecznie,
jestem tu nowa i od razu zaczynam od problemu… Mam problem z czerwoną tapetą z napisem “your privacy is in danger” i co chwilę wyskakującymi okienkami. Były już takie tematy, ale są już chyba rzadko odwiedzane, więc zakładam nowy. Potraktowałam już system hijackiem i fixwareoutem. Czy ktos pomoże? Plisss… Oto rezultaty:
Hijack:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:50, on 2007-09-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.sgh.waw.pl:8080 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &WordWeb… - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_73.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8023073562 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8025004546 O21 - SSODL: msmhost - {F2711711-165D-4534-99CC-F32326618DF4} - C:\WINDOWS\msmhost.dll O21 - SSODL: msmdev - {88A16386-C263-4C2E-964A-1F8E83E8FFFA} - C:\WINDOWS\msmdev.dll O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O24 - Desktop Component 0: (no name) - http://www.zalogag.pl/repository/articl … rhands.jpg O24 - Desktop Component 1: (no name) - http://fw.dreamhosters.com/kt/tapety/ak … lxq2tn.jpg O24 - Desktop Component 2: (no name) - http://i.wp.pl/a/f/pjpeg/8761/armia_terakotowa11.jpg O24 - Desktop Component 3: (no name) - http://fw.dreamhosters.com/kt/tapety/ak … sb3s1h.jpg O24 - Desktop Component 4: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm – End of file - 8664 bytes
FixWareOut
Username “Karolina” - 2007-09-16 12:22:26 [Fixwareout edited 9/01/2007] ~Prerun check Successfully flushed the DNS Resolver Cache. System was rebooted successfully. ~ Postrun check HKLM\SOFTWARE~\Winlogon\ “System”="" … … ~Misc files. … ~ Checking for older varients. … C:\Program Files\VideoAccessCodec < Found Additional tools are recommended. ~Current runs (hklm hkcu “run” Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" “AVP”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe”" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" … Hosts file was reset, If you use a custom hosts file please replace it… ~ End report ~~~~~
Proszę o pomoc co z tym zrobić,
i pozdrawiam,
Karolina
Leon1
(Leon$)
16 Wrzesień 2007 11:23
#2
Widzę że masz dwa antywirusy
powinnaś się tego drugiego pozbyć z dysku dodaj/usuń programy
tu masz narzędzie do pozbycia się Nortona http://forum.dobreprogramy.pl/viewtopic.php?t=75075&highlight=norton
potem daj nowy log HijackThis
Monczkin
(Monczkin)
16 Wrzesień 2007 11:32
#3
jessica
(jessica)
16 Wrzesień 2007 11:36
#4
Użyj -->SmitfraudFix .
Użyj go z opcji “Clean”, czyli wpisz 2 i naciśnij ENTER.
Po jego użyciu może zajść potrzeba ustawiania od nowa tapety (czyli prawoklik na ekranie>>właściwości, itd. )
Daj z niego raport z C:\SmitfraudFix.txt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O21 - SSODL: msmhost - {F2711711-165D-4534-99CC-F32326618DF4} - C:\WINDOWS\msmhost.dll O21 - SSODL: msmdev - {88A16386-C263-4C2E-964A-1F8E83E8FFFA} - C:\WINDOWS\msmdev.dll O24 - Desktop Component 4: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Potem te w/w wpisy (jeśli jeszcze będą) sfiksuj w Hijacku:
>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked .
Potem daj tu:
raport z C:\SmitfraudFix.txt
log z Hijacka
log z ComboFix (na dole tej strony z linku) -
Log wklej na http://wklej.org/ , a w poście daj tylko link.(czyli skopiuj adres z paska adresów).
jessi
Trochę to zajęło, ale już mam:
Smitfraudfix:
SmitFraudFix v2.225 Scan done at 14:00:24,95, 2007-09-16 Run from C:\Documents and Settings\Karolina\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\main_uninstaller.exe Deleted C:\WINDOWS\msmdev.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID{88A16386-C263-4C2E-964A-1F8E83E8FFFA}] Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID{88A16386-C263-4C2E-964A-1F8E83E8FFFA}] C:\WINDOWS\msmhost.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID{F2711711-165D-4534-99CC-F32326618DF4}] C:\WINDOWS\nsduo.dll Deleted C:\WINDOWS\privacy_danger\ Deleted C:\DOCUME~1\Karolina\Desktop\Error Cleaner.url Deleted C:\DOCUME~1\Karolina\Desktop\Privacy Protector.url Deleted C:\DOCUME~1\Karolina\Desktop\Spyware?Malware Protection.url Deleted C:\DOCUME~1\Karolina\FAVORI~1\Error Cleaner.url Deleted C:\DOCUME~1\Karolina\FAVORI~1\Privacy Protector.url Deleted C:\Program Files\VideoAccessCodec\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: SURECOM EP-320X-R 100/10/M PCI Adapter - Packet Scheduler Miniport DNS Server Search Order: 10.101.255.254 HKLM\SYSTEM\CCS\Services\Tcpip…{6B60B05C-52AE-4B11-9D8C-A2585A5DF1CD}: DhcpNameServer=10.101.255.254 HKLM\SYSTEM\CS1\Services\Tcpip…{6B60B05C-52AE-4B11-9D8C-A2585A5DF1CD}: DhcpNameServer=10.101.255.254 HKLM\SYSTEM\CS3\Services\Tcpip…{6B60B05C-52AE-4B11-9D8C-A2585A5DF1CD}: DhcpNameServer=10.101.255.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.101.255.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.101.255.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.101.255.254 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End
Usunęłam i wszystko już ok:)
Jessi, dziękuję za pomoc. Jak dla mnie masz niesamowitą wiedzę. Zazdroszczę:)
Pozdrawiam serdecznie,
Karolina