zbigi7
(Meus)
10 August 2006 09:54
#1
Every few moments a window like the one in the topic title pops up, with ads in it, e.g. cursors, graphics, etc… Spybot and Ad-Aware do not detect it or do not remove it; I also tried CCleaner.
What's strange is that it also pops up in Mozilla Firefox!
Thanks in advance for your help.
adam9870
(adam9870)
10 August 2006 13:21
#2
Please paste a set of logs on the forum, namely HijackThis and Silent Runners. They will show where the junk is, and advice will be given on how to remove it…
Here is a description of how to create and paste these logs:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
If there is an error when running Silent Runners, please give its exact text.
zbigi7
(Meus)
13 August 2006 18:55
#3
Logfile of HijackThis v1.99.1
Scan saved at 20:44:06, on 2006-08-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\System32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I:\Program Files\WinFast\WFTVFM\WFWIZ.exe
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\Gadu-Gadu\gg.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Mozilla Thunderbird\thunderbird.exe
I:\Program Files\Jyve\Jyve\Jyve.exe
I:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
I:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN
I:\WINDOWS\System32\devldr32.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
I:\Program Files\WinFast\WFTVFM\WFTV.exe
I:\Program Files\Gadu-Gadu\gg.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Webroot\Spy Sweeper\SSU.EXE
I:\Program Files\eMule++\eMule.exe
I:\WINDOWS\System32\taskmgr.exe
J:\_My_Disc_2\Vilnet\Bezpieczenstwo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.183.253/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinFast Schedule] "I:\Program Files\WinFast\WFTVFM\WFWIZ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "I:\Program Files\Gadu-Gadu\StrongGG.exe" /tray
O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EdHTML] "I:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" /none
O4 - HKCU\..\Run: [Jyve] C:\Program Files\Jyve\Jyve\Jyve.exe
O4 - Startup: OpenOffice.org 2.0.3.lnk = I:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe
O4 - Startup: Mozilla Thunderbird.lnk = I:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: Jyve.lnk = I:\Program Files\Jyve\Jyve\Jyve.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = I:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B77DA14-3D40-4272-AAC9-3EDEA1966CEB}: NameServer = 192.168.183.1
O20 - Winlogon Notify: WRNotifier - I:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I don't know how to run “Silent Runners”, because it opens in EdHTML … what do I need to install?
Post merged: 14.08.2006 (Mon) 15:21
Spy Sweeper detects it but cannot remove it effectively.
Here is a link to the description of the pest:
http://research.spysweeper.com/search.p … Horse&rc=1
Please help!
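Added example, not part of the original thread: a small Python first-pass triage of a HijackThis log like the one posted in #3, the kind of reading a helper does before advising. The function names and the three heuristics (service with "Unknown owner", autorun without an absolute path, autorun on a drive other than the Windows drive) are assumptions of this example; they mark entries for manual review and are not verdicts.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""Running processes:
I:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Jyve] C:\Program Files\Jyve\Jyve\Jyve.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")   # section code, then the entry text
DRIVE = re.compile(r"([A-Za-z]):\\")          # drive letter of an absolute path

def parse(log):
    """Split a log into (running process paths, [(section, text), ...])."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and DRIVE.match(line):
            procs.append(line)
    return procs, entries

def review_list(log):
    """Entries to look at first; hypothetical heuristics, not verdicts."""
    procs, entries = parse(log)
    # Windows drive = drive of the first running process under \WINDOWS\.
    sysdrv = next((p[0].upper() for p in procs if "\\windows\\" in p.lower()), None)
    out = []
    for section, text in entries:
        if section == "O23" and " - Unknown owner - " in text:
            out.append((section, "no vendor recorded", text))
        elif section == "O4":
            # The command follows "[name] " (Run keys) or " = " (Startup folders).
            cmd = re.split(r"\] | = ", text, maxsplit=1)[-1]
            m = DRIVE.search(cmd)
            if m is None:
                out.append((section, "no absolute path", text))
            elif sysdrv and m.group(1).upper() != sysdrv:
                out.append((section, "drive differs from Windows drive", text))
    return out

if __name__ == "__main__":
    print(*review_list(SAMPLE_LOG), sep="\n")
```

Each flagged entry still has to be checked by hand, for example by locating the file on disk and confirming which installed program it belongs to.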