CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo hijack log and popupy

hijack log and popupy

od pewnego czasdu mam problem z wyskakujacymi dodatkowymi stronkami kiedy np wchodze na onet.pl czy gdziekolwiek!!
mianowicie otwierajam i sie stronki jedna jakas erotycznajedna o czyms tam...dosyc to uciazliwe!!

niewiem gdzie szukac rozwiazania i co skasowac!!
ewentualnie jakiego programu uzyc!!

skanowalem nortonem z najnowszymi bazami,spybotem,Spy Sweeperem,SpyCatcherem itp...

dalej to samo!!!

zalaczam loga z hijacka...

Logfile of HijackThis v1.97.7
Scan saved at 17:57:26, on 2004–11–05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:PROGRA~1NORTON~1NORTON~2GHOSTS~2.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32wdfmgr.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
C:Program FilesDU MeterDUMeter.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
C:Program FilesSpyCatcherDeleteSatellite.exe
C:Program FilesD–Toolsdaemon.exe
C:Program FilesWindows AdToolsWinAdTools.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesWindows AdToolsWinRatchet.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSdhsvr.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesMicrosoft OfficeOffice10WINWORD.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:PROGRA~1NORTON~1NORTON~1 avw32.exe
C:Documents and SettingsstxPulpithijackHijackThis.exe

R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O2 – BHO: (no name) – {D848A3CA–0BFB–4DE0–BA9E–A57F0CCA1C13} – C:WINDOWSdealhlpr.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [Zone Labs Client] C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
O4 – HKLM..Run: [DU Meter] C:Program FilesDU MeterDUMeter.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [GhostStartTrayApp] C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
O4 – HKLM..Run: [GhostSurfDelSatellite] "C:Program FilesSpyCatcherDeleteSatellite.exe"
O4 – HKLM..Run: [Windows AdTools] C:Program FilesWindows AdToolsWinAdTools.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /0
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKLM..RunOnce: [GhostSurfDelSatellite] "C:Program FilesSpyCatcherDeleteSatellite.exe" nowait
O4 – HKLM..RunOnce: [SpybotSnD] "C:Program FilesSpybot – Search & DestroySpybotSD.exe" /autocheck
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FE4BBEA8–1EFD–4B8A–BD1B–341CCDBEEAA6} (Dhsigned Control) – http://ads.dealhelper.com/updates/DealHelperNew.cab
O17 – HKLMSystemCCSServicesTcpip..{4E843BF8–18DC–4D05–8DAA–280BAAD8C9C7}: NameServer = 194.204.152.34 217.98.63.164

Odpowiedzi: 7

mistic, rozejrzyj sie po dysku i usun vbsys2.dll z C:WindowsSystem32 w trybie awaryjnym. Przeszukaj rowniez na obecnosc tego pliku rejestr i wyczysc jesli znajdziesz.
EL NINO
Dodano
06.11.2004 20:12:43
Albo slepy jestem abo w logu niczego nie ma

Wklep w wyszukiwarce w edytorze rejestru http://www.free6.se/ i jesli cos znajdzie wywal
Podobnie z innymi

Ponadto usun ale recznie Historie IE
Oraz Tempy z Ustawien lokalnych i %Windir%
Bobi
Dodano
06.11.2004 14:45:46
http://www.turbofind.com/scripts/engine_cttf.php?term=Online%20Gambling&hid=ce1ee40685fd3cadfc46&block=casino&aff=kallekula&o[]=Blackjack&o[]=Slots&o[]=Free%20Bonus&o[]=Free%20Casino&o[]=Internet%20Casino&o[]=Casino%20Online&o[]=Texas%20Holdem&o[]=Sportsbook


kolejna stronka ktora zaczela mi sie wyswietlac :(
mistic
Dodano
06.11.2004 13:49:07
wywalilem to co mowiliscie ale dalej wyskakuja mi jakis stronki przy kazdym otworzeniu przegladarki :(
nie mam pojecia juz jak z tym walczyc!!

adresy tych stronek co mi wyskakuja to:
http://www.free6.se/
http://www.1st–choice–ringtones.co.uk/ringtones/affiliate_view.asp?siteId=957
http://194.237.110.186/randomsites/pages/65.html




glownie te wyskakuje mi za kazdym razem...czasami jeszcze jakies!!

skanuje spywarami roznhymi,nortonem,mks online i nic!!




nie wiem juz co robic:(








Logfile of HijackThis v1.97.7
Scan saved at 12:26:12, on 2004–11–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:PROGRA~1NORTON~1NORTON~2GHOSTS~2.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32wdfmgr.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
C:Program FilesSpyCatcherDeleteSatellite.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSexplorer.exe
C:Program FilesDU MeterDUMeter.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsstxPulpithijackHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [Zone Labs Client] C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
O4 – HKLM..Run: [DU Meter] C:Program FilesDU MeterDUMeter.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [GhostStartTrayApp] C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
O4 – HKLM..Run: [GhostSurfDelSatellite] "C:Program FilesSpyCatcherDeleteSatellite.exe"
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /0
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKLM..RunOnce: [GhostSurfDelSatellite] "C:Program FilesSpyCatcherDeleteSatellite.exe" nowait
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{4E843BF8–18DC–4D05–8DAA–280BAAD8C9C7}: NameServer = 194.204.152.34 217.98.63.164

mistic
Dodano
06.11.2004 13:27:37
IMO gnoja (AdTools) mozna spod Dodaj/Usun wywalic
Bobi
Dodano
05.11.2004 21:37:59
Oprocz tego co podal Bobi, usun:


C:Program FilesWindows AdToolsWinAdTools.exe
C:Program FilesWindows AdToolsWinRatchet.exe
C:WINDOWSdhsvr.exe
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
O4 – HKLM..Run: [Windows AdTools] C:Program FilesWindows AdToolsWinAdTools.exe
O16 – DPF: {FE4BBEA8–1EFD–4B8A–BD1B–341CCDBEEAA6} (Dhsigned Control) – http://ads.dealhelper.com/updates/DealHelperNew.cab
EL NINO
Dodano
05.11.2004 21:23:48
Ukibluj proces i usun z dysku po uprzednim wyłaczeniu przywracania
dhsvr.exe
dealhlpr.dll

Napraw:
O2 – BHO: (no name) – {D848A3CA–0BFB–4DE0–BA9E–A57F0CCA1C13} – C:WINDOWSdealhlpr.dll

Włacz przywracanie
Bobi
Dodano
05.11.2004 20:11:24
mistic
Dodano:
05.11.2004 19:16:07
Komentarzy:
7
Strona 1 / 1