Złośliwe reklamy

flacznik · 27 Sierpień 2012 15:56

Witam od kilku dni pojawiają mi się reklamy przy wizytach na stronach typu hotmail, facebook itp. Jest to uciążliwe gdyż są to reklamy ze stron dla doroslych, samotnych itp… zalaczam log z Hijackthis - jak coz zobaczycie dajcie znać jak to obrzydlistwo usunąć…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:50:00, on 27/08/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE C:\windows\system32\Dwm.exe C:\windows\system32\taskeng.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Samsung\SFB\SmartRestarter.exe C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\windows\System32\rundll32.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Boxore\BoxoreClient\boxore.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\windows\system32\wuauclt.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe C:\windows\system32\SearchFilterHost.exe C:\Users\Mine\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O4 - HKLM…\Run: [igfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM…\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM…\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe O4 - HKLM…\Run: [APLangApp] “C:\Program Files\AnyPC Client\APLangApp.exe” O4 - HKLM…\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM…\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe O4 - HKLM…\Run: [uCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\2.0” O4 - HKLM…\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui O4 - HKLM…\Run: [boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe” O4 - HKLM…\Run: [bCSSync] “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE LOCAL’) O4 - HKUS\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘SERVICE LOCAL’) O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE RÉSEAU’) O4 - HKUS\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘SERVICE RÉSEAU’) O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra ‘Tools’ menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Software Update Service (supdate) (supdate) - Boxore OU. - C:\Program Files\Software\Update\SoftwareUpdate.exe O23 - Service: wampapache - Apache Software Foundation - D:\PHP_DEVELOPPEMENT\wamp\bin\apache\apache2.2.22\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - D:\PHP_DEVELOPPEMENT\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe – End of file - 9442 bytes

Atis · 27 Sierpień 2012 16:18

Wszystkie logi na http://wklej.org/
OTL - Raport obowiązkowy:

analiza-dezynfekcja-zestaw-nieingerencyjnych-narzedzi-t485632.html#p3059741

flacznik · 27 Sierpień 2012 17:25

Log OTL : http://wklej.org/id/819605/

Thx

Acorus · 27 Sierpień 2012 18:04

Odinstaluj Spybot - Search && Destroy .Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL SRV - File not found [Auto | Running] – C:\Program Files\Spybot – (SBSDWSCService) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000…\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) [2012/08/19 11:04:56 | 000,000,000 | —D | C] – C:\Users\Mine\AppData\Local\Macromedia [2012/08/18 18:30:04 | 000,000,304 | ---- | M] () – C:\user.js :Commands [emptytemp]

Kliknij Wykonaj skrypt.

W OTL użyj opcji Sprzątanie.

.Przeskanuj progr.Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free

Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY SYGNATUR WIRUSÓW Malwarebytesa “Uruchom Malwarebytes, przejdź do zakładki Aktualizacja, Sprawdź aktualizacje.”

flacznik · 27 Sierpień 2012 19:26

OK, ale moim zdaniem SPY BOT nie ma tutaj nic do rzeczy, wręcz przeciwnie… zabezpiecza kompa :roll:

Acorus · 28 Sierpień 2012 07:48

Spybot - Search & Destroy to przestarzały program (nierównomierne i stosunkowo rzadkie dostarczanie aktualizacji, brak odpornej techniki montażowej, słaba skuteczność.

W tej chwili nowoczesne antywirusy zajmują sie spyware.