Reklamiarz


(Patryk96 11 11) #1

Witam. Mam problem z wirusem "Reklamiarz". Avast go wykrył, ale nie może go usunąć. Prosiłbym o pomoc:)


(XMan) #2

Sprawdzałeś Malwarebytes Anti-Malware 1.51.2.1300

Pełne skanowanie?

Dr.WEB CureIt! 6.00.11.07112

Pełne skanowanie?

Nie pomoże to podaj odpowiednie wymagane logi z działu Bezpieczeństwo.


(Patryk96 11 11) #3

Ten wirus mi już tak wszedł, że nie mogę nic zainstalować, ani włączyć tego 2 skanera:(

-- Dodane 27.09.2011 (Wt) 19:48 --

Tutaj zrobiłem skan przez HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 19:42:33, on 2011-09-27

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Gadu-Gadu 10\gg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\BARTOSZ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\tbHero.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,,"C:\Program Files\Przyspiesz Komputer\PCSpeedUpNotifier.exe"

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (file missing)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\tbHero.dll (file missing)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\BARTOSZ\AppData\Roaming\Nowe Gadu-Gadu_userdata\ggbho.1.dll (file missing)

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL

O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (file missing)

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll

O3 - Toolbar: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\tbHero.dll (file missing)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU..\Run: [Google Update] "C:\Users\BARTOSZ\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files\20Dollars2Surf\20dollars2surf.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\Poker Party\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\Poker Party\PartyPoker\RunApp.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O19 - User stylesheet: C:\Users\BARTOSZ\Documents\sledzik[1].css (file missing)

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PCSpeedUp Service (PCSpeedUpService) - Unknown owner - C:\Program Files\Przyspiesz Komputer\PCSpeedUpService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


(krzych5610) #4

Pozostaje skan zewn:

wykonaj skan za pomocą Kaspersky Rescude Disk - http://www.dobreprogramy.pl/Kaspersky-R ... 12771.html

  1. Przygotuj płytę CD z nagranym Kaspersky Rescude Disk 10 - http://www.dobreprogramy.pl/Kaspersky-R ... 12771.html

Należy wykorzystać czysty komputer.

  1. Wyłącz przywracanie systemu na wszystkich partycjach : Start / Wszystkie programy / Akcesoria / Narzędzia systemowe / Przywracanie systemu.

  2. Uruchom komputer z nagraną płytą w nagrywarce CD/DVD. Potwierdź w czasie 9s chęć skanowania, wybierz język komunikacji ( polski ), potwierdzić znajomość przepisów - litania tekstu. Na dole w pasku jest litera A ( pokazać i Enter )

Wchodzimy w menu partycji. Jeżeli masz aktywne łącze internetowe stałe, możesz zrobić dodatkową aktualizację bazy skanera.

W ustawieniach odszukać pozycje zaawansowane i tryb heurystyki ustawić na max.

Uruchom proces skanowania. Skanować należy wszystkie partycje dysku.

Można też wykonać skan za pomocą VIPRE Rescude - http://live.sunbeltsoftware.com/


(Acorus) #5

otl-gmer-rsit-dss-inne-instrukcje-t370405.html