How to remove qooqlle?

Everything related to system security and fighting malware, in particular log analysis
margaret91

User
Posts: 1
Joined: 30 Aug 2011, 21:05

How to remove qooqlle?

Posted: 30 Aug 2011, 21:19

Unfortunately OTL doesn't work for me, because it freezes after a few moments.
I'm attaching the scans made with DDS:

DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Run by Magda at 21:15:44 on 2011-08-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.qooqlle.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... bmod=TSEG;
uSearch Bar = hxxp://www.google.com/ie
mStart Page =
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... bmod=TSEG;
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Softonic-Polska Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - c:\program files\softonic-polska\tbSoft.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Softonic-Polska Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - c:\program files\softonic-polska\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
BHO: Softonic-Polska Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - c:\program files\softonic-polska\tbSoft.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Softonic-Polska Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - c:\program files\softonic-polska\tbSoft.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Odkurzacz-MCD] c:\program files\odkurzacz\odk_mcd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [csrs] %ALLUSERSPROFILE%\csrs.exe
mRun: [svhost] %COMMONPROGRAMFILES%\svhost.exe
mRun: [winloqon] %ALLUSERSPROFILE%\winloqon.exe
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - Available only to registered users
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - Available only to registered users
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 95.178.32.194 217.17.34.10
TCP: Interfaces\{0D5F24B0-55C6-4787-9169-E1456615CEA7} : DhcpNameServer = 95.178.32.194 217.17.34.10
TCP: Interfaces\{7E9F1EED-2A1F-4B7C-9C38-63948491891B} : DhcpNameServer = 10.0.0.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GoogleDesktopManager-051210-111108;Menedľer Google Desktop 5.9.1005.12335
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Usˆuga Google Update (gupdatem)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? camsvc;TOSHIBA Web Camera Service
S? ConfigFree Service;ConfigFree Service
S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI
S? PGEffect;Pangu effect driver
S? RTL8187B;Realtek RTL8187B bezprzewodowe 802.11b/g 54Mbps USB 2.0 karta sieciowa
S? RtlProt;Realtke RtlProt WLAN Utility Protocol Driver
S? SSPORT;SSPORT
S? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
S? TMachInfo;TMachInfo
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;Program TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
.
=============== Created Last 30 ================
.
2011-08-30 10:35:03 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea7d7b24-43f3-4941-853f-cdc371cdb482}\mpengine.dll
2011-08-25 08:26:10 -------- d-----w- c:\users\magda\appdata\roaming\ArcaVirMicroScan
2011-08-25 08:24:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 08:24:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 08:19:12 -------- d-----w- c:\users\magda\appdata\roaming\Malwarebytes
2011-08-25 08:13:25 -------- d-----w- c:\programdata\Malwarebytes
2011-08-25 08:13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 21:28:00 -------- d-----w- c:\program files\ToniArts
2011-08-24 21:27:42 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2011-08-24 21:27:42 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2011-08-24 21:27:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2011-08-24 21:27:42 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2011-08-24 21:27:42 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2011-08-24 21:27:40 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2011-08-24 21:27:40 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2011-08-24 21:11:03 -------- d-----w- c:\program files\Odkurzacz
2011-08-24 21:04:48 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-08-24 21:01:49 -------- d-----w- c:\program files\RegCleaner
2011-08-21 19:19:54 -------- d-----w- c:\users\magda\appdata\local\searchplugins
2011-08-16 09:18:30 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-16 09:08:56 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-08-16 09:08:35 331776 --sha-r- c:\programdata\winloqon.exe
2011-08-16 09:08:32 6855168 --sha-r- c:\program files\common files\svhost.exe
2011-08-16 09:08:32 339968 --sha-r- c:\programdata\csrs.exe
2011-08-10 16:13:50 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
==================== Find3M ====================
.
2011-07-31 07:39:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-09 11:16:19 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-02 12:59:29 2042368 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:17:27,76 ===============


Attach.txt
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9 - Polish
Archiwizator WinRAR
avast! Free Antivirus
Combined Community Codec Pack 2010-10-10
EA Download Manager
EA.com Update
EasyCleaner
English Translator 3
Eusing Free Registry Cleaner
ffdshow v1.1.3964 [2011-08-06]
Freez FLV to AVI/MPEG/WMV Converter
Gadu-Gadu 10
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel? Matrix Storage Manager
ipla 2.3
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware wersja 1.51.1.1800
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint Viewer 2007 (Polish)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (Polish) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Polish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Odkurzacz 12.6
OpenOffice.org 3.2
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 ? PLK
Pakiet zgodności dla systemu Office 2007
PhotoFiltre
PhotoScape
Picasa 3
PlayReady PC runtime
Podreczniki TOSHIBA
PowerISO
Program TOSHIBA HDD/SSD Alert
Real Alternative 2.0.1
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Skype web features
Skype? 4.1
Softonic-Polska Toolbar
SPORE?
Sprzęt instalacyjny TOSHIBA
Synaptics Pointing Device Driver
Tomb Raider Legenda
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Hasło administratora
Toshiba Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Recovery Disc Creator
TOSHIBA Recovery Disk Creator Reminder
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Utility Common Driver
VueScan
Windows Media Player Firefox Plugin
Xerox WorkCentre 3119 Series
.
==== End Of File ===========================

filutka78

User
Posts: 1485
Joined: 28 Jan 2009, 17:40

How to remove qooqlle?

Posted: 30 Aug 2011, 22:13

We won't be able to remove "qooqlle" without OTL, so let's at least try to remove the other infection visible in the logs:
1) Paste into Notepad:

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.pl/"


From the Notepad menu >> File >> Save as >> set the extension to All files >> save as FIX.REG >>
run the file (double-click and OK).

2) Download --> Available only to registered users.
Paste this text into it:

Code:

Files to delete:
%ALLUSERSPROFILE%\csrs.exe
%COMMONPROGRAMFILES%\svhost.exe
%ALLUSERSPROFILE%\winloqon.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | csrs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | svhost
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | winloqon


Click "Execute" and confirm the computer restart.
Restart the computer.
Post the Avenger report from C:\avenger.txt.

3) Download > Available only to registered users and press Clean in it.
Show the report from this tool.

4) Try to make the OTL logs in Safe Mode (F8 before the system starts).

F.
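
One way to spot autostart entries like the three removed above, as an added example that is not part of the thread: parse the DDS Run lines and flag executables whose name is one edit away from a Windows system process, or that carry a system name outside system32. The SYSTEM_NAMES list, the one-edit threshold and the function names are assumptions of this example.

```python
import re

# Assumed short list of Windows system processes; all live in system32.
SYSTEM_NAMES = ["csrss", "svchost", "winlogon", "lsass", "smss", "services"]
SYSTEM32 = ("c:\\windows\\system32\\", "%systemroot%\\system32\\")

# Sample input: Run entries copied from the DDS log in the first post.
SAMPLE = r"""
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [csrs] %ALLUSERSPROFILE%\csrs.exe
mRun: [svhost] %COMMONPROGRAMFILES%\svhost.exe
mRun: [winloqon] %ALLUSERSPROFILE%\winloqon.exe
"""

# DDS prefixes: uRun/mRun/dRun, then [value name], then the command line.
RUN_LINE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.exe)', re.I)

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def suspicious_run_entries(log_text):
    """Return (value name, path, imitated name) for look-alike autostart entries."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").lower()
        stem = path.rsplit("\\", 1)[-1][:-4]  # file name without ".exe"
        for real in SYSTEM_NAMES:
            near_miss = 0 < edit_distance(stem, real) <= 1
            misplaced = stem == real and not path.startswith(SYSTEM32)
            if near_miss or misplaced:
                hits.append((m.group("name"), m.group("path"), real + ".exe"))
                break
    return hits

if __name__ == "__main__":
    for name, path, real in suspicious_run_entries(SAMPLE):
        print(f"[{name}] {path} -> imitates {real}")
```

A hit is only a lead for review: confirm the file's location, attributes and signature before deleting anything.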


