Herman123
(Damian560)
3 Listopad 2005 20:33
#1
Mam problem otóż od kilku dni jest tak że gdy jestem podłączony do internetu ( mam neostrade) wyskakuje mi taka stronka : http://www.deal-pro.com/normal/yyy102.html wcześniej pojawiały mi sie jakieś dziwne skruty na pulpicie. Skanowałem : Trojan Removerem , Spy Cleanerem Gold i Spy Bot Search & Destroy.Skróty przestały sie pojawiać ale strona nadal wyskakuje. Co mam Zrobić ??
Prosze o pomoc…
detektyw
(Qbek50)
3 Listopad 2005 20:33
#2
system
(system)
4 Listopad 2005 13:59
#3
Logfile of HijackThis v1.99.1
Scan saved at 15:00:12, on 2005-11-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\explorer.exe
D:\Gry\Diablo II\D2GSSVC.exe
C:\WINDOWS.000\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\WINDOWS.000\system32\nvraidservice.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS.000\phvbrrm.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\windows\sp2update00.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS.000\system32\wscntfy.exe
C:\WINDOWS.000\system32\wbem\unsecapp.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Siembor\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe"
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - D:\Gry\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS.000\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS.000\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TMWVx] C:\WINDOWS.000\phvbrrm.exe
O4 - HKLM\..\Run: [TMWV÷h$vůőš/‚˛‘ĆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe
O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [Á˛# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D86A182-37E1-4D70-8BA8-559AF5939DD0}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D86A182-37E1-4D70-8BA8-559AF5939DD0}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - D:\Gry\Diablo II\D2GSSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
Gutek
(Gutek)
4 Listopad 2005 16:52
#4
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe” O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - D:\Gry\Cram Toolbar\untitled.dll (file missing) O4 - HKLM…\Run: [TMWVx] C:\WINDOWS.000\phvbrrm.exe O4 - HKLM…\Run: [TMWV÷h$vůőš/‚˛‘ĆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe O4 - HKLM…\Run: [Áł# é"h’ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe O4 - HKLM…\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM…\Run: [Á˛# é"h’ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS.000\phvbrrm.exe O4 - HKLM…\Run: [msresearch] C:\windows\msresearch.exe O4 - HKLM…\Run: [sp2update] C:\windows\sp2update00.exe O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00065.exe” O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
FxIstbar.exe. to naprawiacz do ISTbar
Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite , opis masz TUTAJ