Adware :( help


(Anuszka Jea) #1

I had the BearShare program and ended up with adware :( WinAntiVirus Pro 2006 detected 4 :/ some Adware save_now: here is its scan:

Scan Summary

Quick Scan run on 02/18/06 at 17:38:33

Total Time: 00 hours, 00 mins., 06 secs.

  • 0 memory locations scanned, 0 threats detected

  • 425 files scanned, 0 files infected

  • 64 registry locations checked, 4 threats detected

4 Spyware threats found

0 threats quarantined, 0 threats removed, 4 threats ignored

Details on Spyware Items

HKEY_CLASSES_ROOT\wusn.1 - Infected by WhenU.SaveNow - Ignored

Full path: HKEY_CLASSES_ROOT\wusn.1

HKEY_LOCAL_MACHINE\software\classes\typelib{905d0df2-3a0a-4d94-853c-54a12a745905} - Infected by BearShare - Ignored

Full path: HKEY_LOCAL_MACHINE\software\classes\typelib{905d0df2-3a0a-4d94-853c-54a12a745905}

HKEY_LOCAL_MACHINE\software\classes\clsid{9f95f736-0f62-4214-a4b4-caa6738d4c07} - Infected by Xtractor plus - Ignored

Full path: HKEY_LOCAL_MACHINE\software\classes\clsid{9f95f736-0f62-4214-a4b4-caa6738d4c07}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WUSN.1 - Infected by WhenUSearch Desktop Toolbar - Ignored

Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WUSN.1

and this is my HijackThis log

please help :/


(Gutek) #2

Uninstall it and delete the folder, and remove the entries with HijackThis. Additionally, O15 may put up resistance, so download KillTrusted 0.7


(Anuszka Jea) #3

You mean I should uninstall WinAntiVirus Pro 2006?? Why??


(Gutek) #4

Because it's junk from the WinFixer stable :mrgreen:


(Anuszka Jea) #5

OK :) I removed the junk ;] Here is my new log - is it clean?? :( I'm puzzled by O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause because I no longer have that program :/


(Wieliczka Marcin) #6

If you've uninstalled it, then remove that entry.

Ahh… and code or quote goes in brackets like these " [] " =]

More details on that here:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Start >> Run >>> msconfig, on the Startup tab uncheck the entries:

Start >> All Programs >> Startup >> delete with a right-click

Start > Control Panel > Java > Update tab > uncheck: Check for Updates Automatically > Apply > OK.

Aaand where is the Service Pack??


(Yogi Fazzi) #7

In addition to that:

Start >>> Control Panel >>> Java >>> Update >>> uncheck Check for Updates Automatically

and if you don't use Messenger:

Start >>> Control Panel >>> Add or Remove Programs >>> Add/Remove Windows Components and uncheck Windows Messenger


(Anuszka Jea) #8

I did everything that was indicated. I don't have Windows Messenger, only MSN Messenger :] I wanted to add that sometimes my mouse cursor moves by itself :/ Here is my log

:p

Logfile of HijackThis v1.99.1

Scan saved at 19:58:25, on 2006-02-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\hijack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

(Yogi Fazzi) #9

That's what I meant; if you have it and don't use it, do as I wrote.


(Gblade) #10

The log is clean.

If you don't use Messenger, then:

Start >>> Run >>> and paste this: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove and click OK


(Anuszka Jea) #11

Hehe, I know, it's just that I don't have an item like Windows Messenger in Add/Remove Windows Components :) and I don't use it. So does that mean the log is clean now??


(Gblade) #12

Yes, the log is clean.

I gave the solution for removing Messenger:


(Anuszka Jea) #13

Thanks a bunch :) :smiley:

Post merged: 19.02.2006 (Sun) 13:49

Supposedly the log is clean, but Panda detects adware; here is its report:

Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA6P_0001_N68M2301NetInstaller.exe

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinAntiVirus Pro 2006

Adware:adware/savenow Not disinfected Windows Registry

Spyware:Cookie/adstat Not disinfected C:\Documents and Settings\Gość\Cookies\gość@ad.stat.4u[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gość\Cookies\gość@ads.clickad.com[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gość\Cookies\gość@advertising[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Gość\Cookies\gość@as-us.falkag[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gość\Cookies\gość@casalemedia[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gość\Cookies\gość@fastclick[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gość\Cookies\gość@media.fastclick[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gość\Cookies\gość@realmedia[2].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Gość\Cookies\gość@tradedoubler[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gość\Cookies\gość@tribalfusion[1].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Gość\Cookies\gość@yadro[1].txt

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@2o7[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@belnk[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@dist.belnk[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@fastclick[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@media.fastclick[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@statcounter[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@stats1.reliablestats[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\niuśka\Cookies\niuśka@tradedoubler[2].txt

Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\niuśka\Dane aplikacji\Mozilla\Firefox\Profiles\s3ct0zcs.default\cookies.txt[]

Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\niuśka\Ustawienia lokalne\Temp\VVSNInst.exe

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll

Adware:Adware/SaveNow Not disinfected C:\WINDOWS\Temp\OLD163.tmp

Logfile of HijackThis v1.99.1

Scan saved at 13:49:12, on 2006-02-19

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

D:\hijack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

(Kuz5) #14

The log is clean, and what Panda detects for you is nothing dangerous.

Tools => Internet Options => Delete Cookies

Don't forget to wrap logs in QUOTE or CODE tags.
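
Added example, not written by any participant in this thread: a small Python sketch that compares two HijackThis logs, as a reviewer would after a cleanup round, listing the autostart entries (O4 Run keys and Startup items, O23 services) that disappeared or appeared between them, plus entries HijackThis itself marked "(file missing)". The function names are hypothetical and the sample input is a handful of lines excerpted from the logs of 2006-02-18 and 2006-02-19 posted above.

```python
import re

# Lines excerpted from the two HijackThis logs posted above (18 and 19 Feb 2006).
LOG_BEFORE = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
'''
LOG_AFTER = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
'''

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."
AUTOSTART = {"O4", "O23"}  # Run keys / Startup folders, and NT services

def parse_entries(log):
    """Return a set of (section, detail) tuples; headers and process paths are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def autostart_changes(before, after):
    """Return (removed, added): autostart entries that differ between two logs."""
    b = {e for e in parse_entries(before) if e[0] in AUTOSTART}
    a = {e for e in parse_entries(after) if e[0] in AUTOSTART}
    return sorted(b - a), sorted(a - b)

def missing_targets(log):
    """Entries HijackThis marked '(file missing)': the reference outlived the file."""
    return sorted(e for e in parse_entries(log) if e[1].endswith("(file missing)"))

if __name__ == "__main__":
    removed, added = autostart_changes(LOG_BEFORE, LOG_AFTER)
    for tag, items in (("removed", removed), ("added", added)):
        for section, detail in items:
            print(f"{tag:8} {section:4} {detail}")
    for section, detail in missing_targets(LOG_AFTER):
        print(f"orphan   {section:4} {detail}")
```
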