"Your Privacy is in danger" on the wallpaper

Hello. Recently, by a stupid accident, I downloaded MicroAV onto my computer and now it is wrecking things: windows pop up with a supposed scan and protection of the computer, and they cannot be closed; a red wallpaper appeared on the desktop (or something like it, because it could be closed with the X) with "Your Privacy is in danger" written on it; Task Manager cannot be opened (it says it has been disabled by the administrator), etc…

Help! How can I remove this junk? (I'll add that Kaspersky and the Onet scanner cannot remove it.)

Thanks in advance for your help!

Hello

A thorough scan with these programs: Spyware Doctor, Malwarebytes' Anti-Malware.

Links:

http://www.pctools.com/mirror/sdstart.exe

http://www.download.com/Malwarebytes-An … 04572.html

Are you using any antivirus or firewall?

Regards.

Post the log from ComboFix

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:19: VIRUS ALERT!, on 2008-09-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS.XP\System32\smss.exe

C:\WINDOWS.XP\system32\csrss.exe

C:\WINDOWS.XP\system32\winlogon.exe

C:\WINDOWS.XP\system32\services.exe

C:\WINDOWS.XP\system32\lsass.exe

C:\WINDOWS.XP\system32\svchost.exe

C:\WINDOWS.XP\system32\svchost.exe

C:\WINDOWS.XP\System32\svchost.exe

C:\WINDOWS.XP\system32\svchost.exe

C:\WINDOWS.XP\system32\svchost.exe

C:\WINDOWS.XP\system32\spoolsv.exe

C:\WINDOWS.XP\Explorer.EXE

C:\WINDOWS.XP\system32\RunDll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS.XP\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS.XP\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Kamilek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS.XP\System32\alg.exe

C:\Program Files\Winamp\winamp.exe

E:\Program Files\direfox\ArcaMicroScan\arcamicroscan.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

E:\Program Files\direfox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS.XP\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = s1.tanoth.pl?kid=dalimar,plimus.com,www.plimus.com,regnow.com,www.regnow.com,

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: QXK Olive - {CAD4711C-D8E5-4184-8745-51AC1F355659} - C:\WINDOWS.XP\vmgspntbbfg.dll

O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)

O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)

O3 - Toolbar: fqbewlna - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - C:\WINDOWS.XP\fqbewlna.dll

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS.XP\system32\NeroCheck.exe

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS.XP\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe”

O4 - HKLM…\Run: [888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run

O4 - HKLM…\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS.XP\system32\ctfmon.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Google Update] “C:\Documents and Settings\Kamilek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” /c

O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU…\Run: [888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run

O4 - HKCU…\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O4 - HKCU…\Run: [eMuleAutoStart] E:\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS.XP\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS.XP\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS.XP\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS.XP\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.XP\privacy_danger\index.htm

Is this what you mean??

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

O2 - BHO: QXK Olive - {CAD4711C-D8E5-4184-8745-51AC1F355659} - C:\WINDOWS.XP\vmgspntbbfg.dll

O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)

O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)

O3 - Toolbar: fqbewlna - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - C:\WINDOWS.XP\fqbewlna.dll

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kamilek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Remove these HJT entries.

Please download and use Malwarebytes' Anti-Malware

Click Scan, choose the drives to scan and start the scan; at the end click Remove Selected, if there are any, and OK :wink:

Post the log from ComboFix
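
Added example, not part of the thread and not HijackThis's own logic: a small Python triage that flags log lines sharing the traits of the entries picked out above (browser add-on DLLs sitting directly in the Windows directory, `(file missing)` leftovers, the O7 policy lock), plus the O24 desktop component. The rule set and the names `triage`, `LINE` and `ROOT_DLL` are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# HijackThis entry: "<section> - <details>", e.g. "O2 - BHO: name - {CLSID} - path"
LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL placed directly in the Windows directory (no subfolder), as in the two
# add-on entries singled out in the thread. The pattern itself is an assumption.
ROOT_DLL = re.compile(r"[A-Z]:\\WINDOWS[^\\]*\\[^\\]+\.dll\b", re.I)

def triage(log_text):
    """Return (section, reason, line) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue  # header, process list or blank line
        sec, body = m["sec"], m["body"]
        if body.endswith("(file missing)"):
            findings.append((sec, "orphaned entry", line))
        elif sec in ("O2", "O3") and ROOT_DLL.search(body):
            findings.append((sec, "browser add-on DLL in Windows root", line))
        elif sec == "O7":
            findings.append((sec, "policy restriction on system tools", line))
        elif sec == "O24":
            findings.append((sec, "Active Desktop component", line))
    return findings

# Lines copied from the log in this thread; two unflagged ones kept for contrast.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {CAD4711C-D8E5-4184-8745-51AC1F355659} - C:\WINDOWS.XP\vmgspntbbfg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: fqbewlna - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - C:\WINDOWS.XP\fqbewlna.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.XP\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE):
        print(f"{sec:>3}  {reason}: {line}")
```

A hit is a prompt for manual review, not a verdict: uninstalled legitimate software also leaves `(file missing)` entries behind.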