dottie5
(Czarnamaggi)
12 May 2006 22:20
#1
Help!
When scanning, Norton detects ErrorSafe but does nothing about it. What's going on??
Does anyone know how to get rid of it? I'll admit straight away that I thoughtlessly installed it myself,
but what now?
To make it more interesting, the HijackThis log doesn't show it at all.
Gutek
(Gutek)
12 May 2006 22:23
#2
Post logs from Silent Runners and HijackThis
kuz5
(Kuz5)
12 May 2006 22:23
#3
You could have just continued this thread:
http://forum.dobreprogramy.pl/viewtopic … ht=#540852
I'll let it go this time
Just uninstall it
Delete the folder marked in red manually
dottie5
(Czarnamaggi)
12 May 2006 22:30
#4
Sorry, and thanks for your understanding.
I thought it would be better to start a new thread. I searched the whole forum and found nothing about this damn thing, so…
But how am I supposed to uninstall it if I can't find it on my computer?
kuz5
(Kuz5)
12 May 2006 22:33
#5
Isn't it in Add/Remove??
Follow Gutek's advice
System scan:
Spybot Search & Destroy
Ewido
dottie5
(Czarnamaggi)
12 May 2006 23:06
#6
It's not in Add/Remove
:shock:
OK then, here is the latest HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 22:57:22, on 12/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [LaunchApp] Alaunch O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM…\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM…\Run: [PCMService] “C:\Program Files\Arcade\PCMService.exe” O4 - HKLM…\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM…\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM…\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [spySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /startintray O4 - HKCU…\Run: [MSMSGS] “C:\Program 
Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: LG SyncManager.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - 
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
And this is from Silent Runners:
"
Silent Runners.vbs", revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “LaunchApp” = “Alaunch” [“Acer Inc.”] “SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”] “SiSPower” = “Rundll32.exe SiSPower.dll,ModeAgent” [MS] “SiS Windows KeyHook” = “C:\WINDOWS\system32\keyhook.exe” [“Silicon Integrated Systems Corporation”] “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data] “PCMService” = ““C:\Program Files\Arcade\PCMService.exe”” [“CyberLink Corp.”] “LManager” = “C:\Program Files\Launch Manager\QtZgAcer.EXE” [“Dritek System Inc.”] “eRecoveryService” = “C:\Windows\System32\Check.exe” [“acer Inc.”] “LWBMOUSE” = “C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE” [empty string] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “BJCFD” = “C:\Program Files\BroadJump\Client Foundation\CFD.exe” [“BroadJump, Inc.”] “Motive SmartBridge” = “C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe” [“Motive Communications, Inc.”] “Symantec NetDriver Monitor” = “C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer” [“Symantec Corporation”] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “SpySweeper” = ““C:\Program Files\Webroot\Spy 
Sweeper\SpySweeper.exe” /startintray” [“Webroot Software, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” 
[“Webroot Software, Inc.”] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WINDOW~4\MpShHook.dll” [MS] INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! “BootExecute” = “autocheck autochk * SsiEfr.e” [file not found], [MS], [file not found], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! 
WRNotifier\DLLName = “WRLogonNTF.dll” [“Webroot Software, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Meg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\AQUATI~2.SCR” (Aquatica 3.scr) [null data] Startup items in “Meg” & “All Users” startup folders: ----------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup “Utility Tray” -> shortcut to: “C:\WINDOWS\system32\sistray.exe” [“Silicon 
Integrated Systems Corporation”] “broadband medic” -> shortcut to: “C:\Program Files\ntl\broadband medic\bin\matcli.exe -boot” [“Motive Communications, Inc.”] “LG SyncManager” -> shortcut to: “C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe” [file not found] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] “Norton AntiVirus - Scan my computer - Meg” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /task:“C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton 
AntiVirus\NavShExt.dll” [“Symantec Corporation”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] Norton AntiVirus Auto-Protect Service, navapsvc, ““C:\Program Files\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] Notebook Manager Service, anbmService, “C:\Acer\eManager\anbmServ.exe” [“OSA Technologies Inc.”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Symantec SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Webroot Spy Sweeper Engine, svcWRSSSDK, “C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe” [“Webroot Software, Inc.”] Windows Defender Service, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] ---------- + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 9 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 8 seconds. ---------- (total run time: 128 seconds)
Bieniol
(Bbieniol)
12 May 2006 23:20
#7
It's not visible in the logs either :roll:
After an EWIDO scan, does it still detect it? Post the EWIDO report
kuz5
(Kuz5)
12 May 2006 23:25
#8
Have you followed this advice? Ewido should detect it:
Clean out the TEMP directory
Start => Run => %temp% => and delete everything that is in there
And what is the location of the junk?
Also use the VundoFix tool
See Remove Rogue.ErrorSafe - Download Prevx1
http://virusinfo.prevx.com/viruscenter. … 4785000015
Also see:
http://www.remove-errorsafe.org/
dottie5
(Czarnamaggi)
13 May 2006 00:30
#9
Wow!!
Thanks :lol:
I'll try everything. I've already run ewido and it detected only 7 harmless cookies, and in Norton something like this shows up after the scan finishes:
"additional non-viral threats remain", and it sends me to a website,
this one:
http://securityresponse.symantec.com/av … risks.html (and I can't do anything more; I can only end the whole process, and in the details it shows that it's this ErrorSafe and that the file name is setup.exe)
The thing is, not only do I not know much about this, but from the English I only understood that it doesn't count as a virus and that I need to have something extra in Norton to remove it, right?
Norton itself sends me to that page, so I guess I can post it here??
Gutek
(Gutek)
13 May 2006 07:28
#10
Give the location of that file
As for the list on the page (securityresponse.symantec.com), it shows programs that interfere with the scanner's operation - a very loose translation - because it talks about categories
dottie5
(Czarnamaggi)
13 May 2006 23:07
#11
Sorry for getting back so late again, but since all of this is new to me it takes me a lot of time.
So I ran an ewido scan, which detects only some 3 cookies, and a moment ago I ran a scan with Spybot and, besides ErrorSafe, it found a few others in red, so I removed them.
But!
The location is (probably; that is, I found this in the details of Norton's results):
The file C:\Documents and Settings\Meg\Local Settings\Temp\NI.UERS_0001_N76M1904\setup.exe is a Security risk
threat
Am I really that stupid or what?
Oh, and yesterday I completely cleaned out the TEMP folder…
help
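An added example, not part of any post in this thread: HijackThis reports running processes and autostart and browser-hook entries rather than files at rest, so an installer that sits in a Temp folder without running or being registered to start appears in no section of the log. The sketch below rebuilds a log pasted without line breaks, as in post #6, and searches it for the product name and for the folder Norton named in post #11. The sample log is a constructed excerpt and the ErrorSafe Run entry used as a positive control is hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
PROC_HEADER = "Running processes:"


def parse_flat_log(text):
    """Rebuild the process list and the entries of a log pasted without line breaks."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    first = starts[0] if starts else len(text)
    head = text[:first]  # header plus process list
    processes = []
    if PROC_HEADER in head:
        block = head.split(PROC_HEADER, 1)[1].strip()
        # Paths contain spaces, so split only where a new drive letter begins.
        processes = [p for p in re.split(r"\s+(?=[A-Za-z]:\\)", block) if p]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        code, body = text[begin:end].strip().split(" - ", 1)
        entries.append((code, body))
    return processes, entries


def find_mentions(text, needles):
    """Return every process or entry that contains one of the needles (case-insensitive)."""
    processes, entries = parse_flat_log(text)
    lowered = [n.lower() for n in needles]
    hits = [("process", p) for p in processes
            if any(n in p.lower() for n in lowered)]
    hits += [(code, body) for code, body in entries
             if any(n in body.lower() for n in lowered)]
    return hits


# Constructed excerpt modeled on the log in post #6, flattened onto one line.
SAMPLE = (
    r'Logfile of HijackThis v1.99.1 Platform: Windows XP SP2 Running processes: '
    r'C:\WINDOWS\System32\smss.exe C:\Program Files\Gadu-Gadu\gg.exe '
    r'D:\Hijack\HijackThis.exe '
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com '
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE '
    r'O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray '
    r'O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe'
)

# Hypothetical autostart entry (not from the thread), used as a positive control.
WITH_AUTOSTART = SAMPLE + r' O4 - HKLM\..\Run: [ErrorSafe] C:\Example\errorsafe-placeholder.exe'

# Product name, plus the Temp subfolder Norton named in post #11.
NEEDLES = ["errorsafe", "NI.UERS_0001_N76M1904"]

if __name__ == "__main__":
    procs, ents = parse_flat_log(SAMPLE)
    print(len(procs), "processes,", len(ents), "entries")
    print("hits in sample log:", find_mentions(SAMPLE, NEEDLES))
    print("hits with autostart entry:", find_mentions(WITH_AUTOSTART, NEEDLES))
```

An empty result here says only that nothing matching is running or registered to start; confirming the file on disk still takes a file-level scan such as the Norton result quoted in post #11.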
Gutek
(Gutek)
13 May 2006 23:16
#12
Boot into safe mode with command prompt:
Start >>> Run >>> cmd
Type the commands, confirming each one with ENTER:
RD /S /Q "C:\Documents and settings\Nazwa twojego konta\Ustawienia lokalne\Temp"
RD /S /Q "C:\Documents and settings\Nazwa twojego konta\Ustawienia lokalne\Temporary internet files"
dottie5
(Czarnamaggi)
13 May 2006 23:33
#13
I can't take it, I think I'm about to drown myself. Is something going on again, or is this a trick?
When I start the computer, a red shield pops up in the taskbar, and when I click it, it shows a message from Windows Security Center that my antivirus isn't working because it is turned off,
while in the taskbar it is supposedly active, and when I check in Control Panel, the Windows Security Center message shows everything "on".
Is it possible that I deleted some needed file in Spybot S&D? I don't think so, though, because that shield was already showing up earlier, but it wouldn't open and disappeared after a while, and Spybot detected and deleted something like this:
windows Security Center.AntiVirusDisabled
As you can see, I'm greener than I thought myself…
Gutek
(Gutek)
13 May 2006 23:42
#14
Turn off Windows Security Center
Control Panel >>> Firewall >>> Off [not recommended], or better:
Control Panel >>> Security Center
Click "Change the way Security Center alerts me" and in the new window clear all the monitoring checkboxes
dottie5
(Czarnamaggi)
14 May 2006 00:04
#15
OK, I'll turn it off 8)
But is my Norton actually working or not? How can I check that, and is it anything dangerous?
Bieniol
(Bbieniol)
14 May 2006 07:56
#16
From what I've noticed, Norton has this quirk that it sees the computer as clean only when automatic Windows updates are turned on. If they are turned off, Norton treats that as a threat and turns them on, so if someone has them turned off and wants to keep them off, unfortunately it has to be kept an eye on.
And why wouldn't it be working?