"Advertisment - NSIS Media" - Jak usunąć?

zbigi7 · 10 Sierpień 2006 09:54

Co chwile wyskakuje mi takie okienko jak w temacie, a w nim reklamy - np. kursory, grafiki itp… Spy Boot i Ad adware mi tego nie wykrywa lub nie usówa, próbowałem też CCleaner.

Co dziwne to wyskakuje też w Mozilli Firefox!

Z góry dziękuję za pomoc.

adam9870 · 10 Sierpień 2006 13:21

Proszę wkleić na forum zestaw logów czyli HijackThis oraz SilentRunners. W nich będzie widać gdzie są śmieci i poradzi się w jaki sposób można je usunąć…

Tutaj jest opis jak wykonać i wkleić te logi:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

jeżeli podczas uruchamiania silenta będzie błąd to proszę podać jego dokładną treść.

zbigi7 · 13 Sierpień 2006 18:55

Logfile of HijackThis v1.99.1

Scan saved at 20:44:06, on 2006-08-13

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\System32\Ati2evxx.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\Explorer.EXE

I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I:\Program Files\WinFast\WFTVFM\WFWIZ.exe

I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

I:\Program Files\Common Files\Symantec Shared\ccApp.exe

I:\Program Files\Skype\Phone\Skype.exe

I:\Program Files\Gadu-Gadu\gg.exe

I:\WINDOWS\system32\spoolsv.exe

I:\Program Files\Mozilla Thunderbird\thunderbird.exe

I:\Program Files\Jyve\Jyve\Jyve.exe

I:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe

I:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN

I:\WINDOWS\System32\devldr32.exe

I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

I:\Program Files\Norton AntiVirus\navapsvc.exe

I:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

I:\Program Files\WinFast\WFTVFM\WFTV.exe

I:\Program Files\Gadu-Gadu\gg.exe

I:\Program Files\Mozilla Firefox\firefox.exe

I:\Program Files\Webroot\Spy Sweeper\SSU.EXE

I:\Program Files\eMule++\eMule.exe

I:\WINDOWS\System32\taskmgr.exe

J:\_My_Disc_2\Vilnet\Bezpieczenstwo\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.183.253/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [WinFast Schedule] "I:\Program Files\WinFast\WFTVFM\WFWIZ.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [SSC_UserPrompt] "I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "I:\Program Files\Gadu-Gadu\StrongGG.exe" /tray

O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EdHTML] "I:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" /none

O4 - HKCU\..\Run: [Jyve] C:\Program Files\Jyve\Jyve\Jyve.exe

O4 - Startup: OpenOffice.org 2.0.3.lnk = I:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe

O4 - Startup: Mozilla Thunderbird.lnk = I:\Program Files\Mozilla Thunderbird\thunderbird.exe

O4 - Startup: Jyve.lnk = I:\Program Files\Jyve\Jyve\Jyve.exe

O4 - Global Startup: Spy Sweeper Fix.lnk = I:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B77DA14-3D40-4272-AAC9-3EDEA1966CEB}: NameServer = 192.168.183.1

O20 - Winlogon Notify: WRNotifier - I:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Nie wiem jak odpalić “Silent Runners” gdyż otwiera mi się w EdHTML … co muszę zainstalować?

Złączono Posta : 14.08.2006 (Pon) 15:21

Spy Sweeper wykrywa mi go jednak nie potrafi go skutecznie usunąć.

Podaje link do opisu szkodnika:

http://research.spysweeper.com/search.p … Horse&rc=1

Proszęo pomoc!