varn
(Varn)
26 March 2008 22:27
#1
Hello
Unwanted advertisements have started appearing on my laptop, such as:
"Buy PC-Antispyware" or "PC-Cleaner", along with spyware warnings in the system tray area.
Browsing the internet is noticeably slower. Ad-Aware detects threats and I remove them, but on the next system start they are displayed again. Sometimes Ad-Aware hangs and cannot finish scanning the system. Using Spyware Terminator does not give satisfactory results either.
So I am asking you for help.
I have already downloaded these programs:
Look2Me-Destroyer, HijackThis, SDFix, SmitfraudFix
My HijackThis v2.0.2 log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:07, on 2008-03-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tools\Ad-aware\aawservice.exe
C:\Program Files\Tools\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Tools\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Grafika\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\orqlofwd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\Tools\DU Meter\DUMeter.exe
C:\Program Files\Tools\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Tools\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Tools\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet\Ad Muncher\AdMunch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\evvtvqrn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Tools\DeskopEarth\DesktopEarth.exe
C:\Program Files\Tools\Kalendarz XP\Kalendarz.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Tools\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=61005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.41.71.164:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\Grafika\FlipAlbum 6 Pro\FpLaunch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM…\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM…\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM…\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM…\Run: [ulead Quick-Drop] "C:\Program Files\Grafika\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM…\Run: [DU Meter] C:\Program Files\Tools\DU Meter\DUMeter.exe
O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Tools\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM…\Run: [Ad Muncher] "C:\Program Files\Internet\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM…\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM…\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM…\Run: [MMTray] MMTray.exe
O4 - HKLM…\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM…\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM…\Run: [evvtvqrn] C:\WINDOWS\system32\evvtvqrn.exe
O4 - HKCU…\Run: [Komunikator] C:\Program Files\Internet\Tlen.pl\tlen.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM…\Policies\Explorer\Run: [raWK5w1QcE] C:\WINDOWS\orqlofwd.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Tools\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b … nu_ie_link
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b … ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b … _ie_report
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol … _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip…{AB2588C4-F351-40AD-AAA2-EA448E53FAA2}: NameServer = 89.101.160.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Tools\Ad-aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Tools\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Tools\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Tools\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Tools\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Menedżer Google Desktop 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Grafika\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15523 bytes
Regards, and please help.
huber2t
(huber2t)
12 April 2008 06:23
#2
Fix in HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.41.71.164:80
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O4 - HKLM…\Run: [evvtvqrn] C:\WINDOWS\system32\evvtvqrn.exe
O4 - HKLM…\Policies\Explorer\Run: [raWK5w1QcE] C:\WINDOWS\orqlofwd.exe
Download ComboFix, but do not run it.
Paste into Notepad:
File::
C:\WINDOWS\orqlofwd.exe
C:\WINDOWS\system32\evvtvqrn.exe
File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
The removal should begin and a log will be produced; post that log on the forum.
If everything goes well, after the restart manually delete the folder C:\Qoobox
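As an added example (not part of the thread, and not the helper's or HijackThis's own code), the following Python script applies the same reasoning huber2t used to pick the four entries above: it parses HijackThis R/O lines, flags a registry-set browser proxy, orphaned "(file missing)" components, autostarts under Policies\Explorer\Run, and unrecognised executables launched straight from the Windows directory, and then emits the ComboFix "File::" block for the flagged files in the shape the helper had the poster paste into Notepad. The sample lines are copied from the posted log; the allowlist of known system binaries and the reason codes are this example's own assumptions, and the regexes accept both HijackThis's `HKLM\..\Run` spelling and the `HKLM…\Run` form the forum rendered.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in the thread,
# with a few legitimate lines left in so the rules have negatives as well as positives.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.41.71.164:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [evvtvqrn] C:\WINDOWS\system32\evvtvqrn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [raWK5w1QcE] C:\WINDOWS\orqlofwd.exe
"""

# Assumed allowlist for this example: Windows/Intel binaries that legitimately live in
# system32 and autostart on the poster's machine. A real triage would check file hashes
# or a vendor catalogue rather than trusting names.
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "hkcmd.exe", "igfxtray.exe", "igfxpers.exe"}

# Reason codes are this example's own naming, not HijackThis terminology.
REASONS = {
    "proxy": "browser proxy forced via the registry; all web traffic is routed through a third party",
    "missing": "entry points at a file that no longer exists (orphan or hidden component)",
    "policy-run": "autostart under Policies\\Explorer\\Run, a key legitimate installers rarely use",
    "unknown-exe": "unrecognised executable launched straight from the Windows directory",
}

# First quoted or bare drive-letter path ending in .exe in the command part of an O4 line.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Executable sitting directly in %WINDIR% or %WINDIR%\system32, with no further subfolder.
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS(?:\\system32)?\\([^\\]+\.exe)$", re.IGNORECASE)


def triage(log_text):
    """Return one finding per suspicious line, in log order.

    Each finding is a dict with the original line, the reason codes that fired,
    and the executable path the line launches (None when no path was found).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]  # section tag: R0/R1/O2/O4/...
        codes = []
        exe_path = None

        if kind == "R1" and "ProxyServer" in line:
            codes.append("proxy")
        if "(file missing)" in line:
            codes.append("missing")
        if kind == "O4":
            if "Policies\\Explorer\\Run" in line:
                codes.append("policy-run")
            m = EXE_RE.search(line)
            if m:
                exe_path = m.group(1)
                sys_m = SYSTEM_DIR_RE.match(exe_path)
                if sys_m and sys_m.group(1).lower() not in KNOWN_SYSTEM_BINARIES:
                    codes.append("unknown-exe")

        if codes:
            findings.append({"line": line, "codes": codes, "exe": exe_path})
    return findings


def flagged_codes(log_text):
    """Map each flagged line to its reason codes (handy for tests and reports)."""
    return {f["line"]: f["codes"] for f in triage(log_text)}


def cfscript(log_text):
    """Build the ComboFix 'File::' block listing the executables flagged as unknown-exe."""
    paths = [f["exe"] for f in triage(log_text) if "unknown-exe" in f["codes"]]
    return "\n".join(["File::", *paths]) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for code in f["codes"]:
            print(f"    -> {REASONS[code]}")
    print()
    print(cfscript(SAMPLE_LOG), end="")
```

Run against the sample, the script flags exactly the four lines the helper listed and nothing else; the registry proxy and the orphaned BHO are registry-only fixes, so only the two executables end up in the generated CFScript block.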