Dlaczego wywala mi tą strone?

Dla specjalistów Bezpieczeństwo
#1

Mam problem otóż od kilku dni jest tak że gdy jestem podłączony do internetu ( mam neostrade) wyskakuje mi taka stronka : http://www.deal-pro.com/normal/yyy102.html wcześniej pojawiały mi sie jakieś dziwne skruty na pulpicie. Skanowałem : Trojan Removerem , Spy Cleanerem Gold i Spy Bot Search & Destroy.Skróty przestały sie pojawiać ale strona nadal wyskakuje. Co mam Zrobić ??

Prosze o pomoc…

#2

wrzuc loga

http://forum.dobreprogramy.pl/viewtopic.php?t=36654 8)

#3 
Logfile of HijackThis v1.99.1

Scan saved at 15:00:12, on 2005-11-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS.000\System32\smss.exe

C:\WINDOWS.000\system32\winlogon.exe

C:\WINDOWS.000\system32\services.exe

C:\WINDOWS.000\system32\lsass.exe

C:\WINDOWS.000\system32\svchost.exe

C:\WINDOWS.000\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS.000\system32\spoolsv.exe

C:\WINDOWS.000\explorer.exe

D:\Gry\Diablo II\D2GSSVC.exe

C:\WINDOWS.000\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS.000\SOUNDMAN.EXE

C:\WINDOWS.000\system32\nvraidservice.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS.000\phvbrrm.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\SurfAccuracy\SAcc.exe

C:\windows\sp2update00.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Desktop Architect\datray.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS.000\system32\wscntfy.exe

C:\WINDOWS.000\system32\wbem\unsecapp.exe

C:\PROGRA~1\WANADOO\EspaceWanadoo.exe

C:\PROGRA~1\WANADOO\ComComp.exe

C:\PROGRA~1\WANADOO\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Siembor\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe"

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - D:\Gry\Cram Toolbar\untitled.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS.000\system32\NVRTCLK\NVRTClk.exe

O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS.000\system32\nvraidservice.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [TMWVx] C:\WINDOWS.000\phvbrrm.exe

O4 - HKLM\..\Run: [TMWV÷h$vůőš/‚˛‘ĆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe

O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [Á˛# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe

O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe

O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe"

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D86A182-37E1-4D70-8BA8-559AF5939DD0}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D86A182-37E1-4D70-8BA8-559AF5939DD0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - D:\Gry\Diablo II\D2GSSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

#4

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

FxIstbar.exe. to naprawiacz do ISTbar

Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite, opis masz TUTAJ