Wnerwiające reklamy


(Del15piero) #1

Zainstalował mi sie jakiś badziew i teraz co jakieś 5 minut wyskakuje mi jakaś rekamówka.

Spybot - Search & Destroy wykrył jakieś badziewie ale nie poradził sobie z jego usunięciem. Nie wiem co zrobić ciężko sie z tym uporać

Mój log

Logfile of HijackThis v1.98.2

Scan saved at 22:42:30, on 2005-02-12

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Win Comm\WinLock.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Win Comm\WinComm.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\Rar$EX00.610\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll,DllInstall

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O15 - Trusted Zone: *.windupdates.com

(Chees) #2

Do usuniecia w trybie awaryjnym"

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Win Comm\WinComm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O4 - HKLM..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dl

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dl

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O15 - Trusted Zone: *.windupdates.com

Ponowny skan nowym hijackiem. :slight_smile:


(boczi) #3
C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Win Comm\WinLock.exe

   	C:\Program Files\Windows AdStatus\WinStat.exe

   	C:\Program Files\Win Comm\WinComm.exe

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll/sp.html

   	O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

 	O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

   	O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll,DllInstall

O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.ex

O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

   	O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

   	O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

   	O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

   	O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O15 - Trusted Zone: *.windupdates.com

Wywalasz to, najlepiej w trbie awaryjnym, potem skanujesz programami anty, podanymi w przyklejonych tematach


(Jablek 88) #4

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

tego nie kasuj w hajdżaku! !!


(boczi) #5

Racja, mój błąd:

Więcej info na http://www.searchengines.pl/phpbb203/in ... opic=12510


(Del15piero) #6

POusuwałem tak jak mówliście ale dalej one wyskakuja wśród nich jest reklama kasyna golden place


(Qbek50) #7

przeskanuj dysk :

Ad-Aware :

http://www.dobreprogramy.pl/index.php?dz=2&id=107&t=55

i SpyBotem S&D :

usuń syf 8)


(Del15piero) #8

SpyBotem S&D: nie moze tych wpisów http://img39.exs.cx/img39/9412/beztytuu0ud.jpg

usunąć nawet w trybie awaryjnym a nadal te relamy wystakują w nic nie można pobrać ani filmu spokojnie obejrzeć :frowning:


(boczi) #9

Użyj CWShredder.


(Del15piero) #10

Używałem tego i tez nic

Aktualny Log

Logfile of HijackThis v1.99.0

Scan saved at 23:39:32, on 2005-02-18

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\Winamp.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\PAVJOBS.EXE

C:\Program Files\AdTools Service\AdToolsKeep.exe

C:\Program Files\AdTools Service\AdTools.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\Rar$EX00.969\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMWI~1.002\USTAWI~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge-c46.cab

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

(Musg) #11

Dobrze .Podaj log z najnowszej wersji programu hijack

http://www.klitetools.com/MM/HijackThis.zip

i zaraz wszystko wyjasnie.Pozdrawiam.I nic nie rob ,dopoki odpowiedzi nie bedą sie pokrywały.


(boczi) #12

Nic nie wykryło? Czy nie mógł usunąć? Spróbuj najnowszą wersją 2.13! Ciężko będzie zneutralizować ten syf... Podam Ci trochę linków, które Ci powinny ułatwić...

CWS.BootConf

CWS.Loadbat

CWS.Msconfd

CWS.Oslogo

CWS.Tapicfg

CWS.xmlmimefilter