drailer nie drailer pomocy!!!!!
sprawa wyglada tak:gdy właczam obojetnie jaką strone to po chwili za kazdym razem wyskakuje mi srtonka z reklamą blokowania popupu gdy na nią wejde to pisze zebym zamówił u nich program do blokowania popupu
przeskanowalem system mks bps spyremoverem i nic nie wykryły jak to usunąc(oprócz właczenia swojej blokady popupu)
przeskanowalem system mks bps spyremoverem i nic nie wykryły jak to usunąc(oprócz właczenia swojej blokady popupu)
Odpowiedzi: 7
no juz po wszytskim: format i windowsik od nowa
nie mialem sily juz sie z tym bawić 8)
nie mialem sily juz sie z tym bawić 8)
cshreder nic nie znalazl ale wczoraj przeskanowalem kompa jeszcze ravemonline i znalazl trojana pup.exe usunelem go ale gdzies juz czytalem ze on jest trudny do usunięcia bo caly czas sie gdzies kopjuje i problem nadal pozostaje
i zobaczylem ze mam jakis proces którego chyba wczesniej nie mialem NetMonSV.exe ale nawet jak zakoncze ten proces to super reklama pojawia sie nadal
a tu macie z hijackthisa:
Logfile of HijackThis v1.97.7
Scan saved at 16:34:58, on 2004–06–01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSTBPanel.exe
C:Program FilesMKSBinmks_mail.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesMKSBinmks_menu.exe
C:Program FilesAutoUpdateAutoUpdate.exe
C:Program FilesWinampWinampa.exe
C:WINDOWSsystem32cisvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesWinampwinamp.exe
C:Program FilesMKSBinmks_scan.exe
C:Program FilesPanicwarePop–Up Stopperdpps2.exe
C:WINDOWSsystem32cidaemon.exe
G:Gadu–Gadugg.exe
C:WINDOWSExplorer.EXE
G:DupereleProgramyHijackThis.exe
C:WINDOWSSystem32 askmgr.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {0B90AA1B–F649–44C3–9FD3–736C332CBBCF} – C:WINDOWSSystem32IEENHA~1.DLL
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [Gainward] C:WINDOWSTBPanel.exe /A
O4 – HKLM..Run: [myfastupdate] C:WINDOWSsystem32myfastupdate.exe
O4 – HKLM..Run: [MailScanner] C:Program FilesMKSBinmks_mail.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [MSN Configuration Loader] Msmsncfg.exe
O4 – HKLM..Run: [NetWatcherPro] C:Program FilesNetWatcherProNetWatcherPro.exe
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [Tau Monitor] C:PROGRA~1AgnitumTAUSCA~1.7 aumon.exe
O4 – HKLM..Run: [Adstartup] C:WINDOWSSystem32Adstartup.exe
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [AutoLoaderu0q51IMQLOPO] "C:WINDOWSSystem32pmskman.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 – HKLM..Run: [Pop–Up Stopper] "C:PROGRA~1PANICW~1POP–UP~1dpps2.exe"
O4 – HKLM..Run: [THGuard] "C:Program FilesTrojanHunter 3.9THGuard.exe"
O4 – HKLM..RunServices: [MSN Configuration Loader] Msmsncfg.exe
O4 – HKCU..Run: [Security Updater] secupd.exe –nos
O4 – HKCU..Run: [EdHTML] C:Program FilesBinboyEdHTMLv5.0EdHTML.exe /none
O4 – Startup: PowerReg Scheduler.exe
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Coches (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {2DBEFB64–B6C4–4A2C–BE6A–16FF065B99C6} (cuadruple Class) – http://www.dialerzona.com/cuadruple.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {54E7E082–1DA6–412E–96B5–C290FCEF5329} – http://install.serwis.pl/install2.exe
O16 – DPF: {5F426A93–0821–47D2–A126–5A48A874B289} (DialerWeb Class) – http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://212.182.113.107/activex/AxisCamControl.ocx
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – http://www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38074.4001851852
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
raczej powoduje to trojan i pomimo właczonej blokady popupu ta reklama sie wyswietla :(
i zobaczylem ze mam jakis proces którego chyba wczesniej nie mialem NetMonSV.exe ale nawet jak zakoncze ten proces to super reklama pojawia sie nadal
a tu macie z hijackthisa:
Logfile of HijackThis v1.97.7
Scan saved at 16:34:58, on 2004–06–01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSTBPanel.exe
C:Program FilesMKSBinmks_mail.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesMKSBinmks_menu.exe
C:Program FilesAutoUpdateAutoUpdate.exe
C:Program FilesWinampWinampa.exe
C:WINDOWSsystem32cisvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesWinampwinamp.exe
C:Program FilesMKSBinmks_scan.exe
C:Program FilesPanicwarePop–Up Stopperdpps2.exe
C:WINDOWSsystem32cidaemon.exe
G:Gadu–Gadugg.exe
C:WINDOWSExplorer.EXE
G:DupereleProgramyHijackThis.exe
C:WINDOWSSystem32 askmgr.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {0B90AA1B–F649–44C3–9FD3–736C332CBBCF} – C:WINDOWSSystem32IEENHA~1.DLL
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [Gainward] C:WINDOWSTBPanel.exe /A
O4 – HKLM..Run: [myfastupdate] C:WINDOWSsystem32myfastupdate.exe
O4 – HKLM..Run: [MailScanner] C:Program FilesMKSBinmks_mail.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [MSN Configuration Loader] Msmsncfg.exe
O4 – HKLM..Run: [NetWatcherPro] C:Program FilesNetWatcherProNetWatcherPro.exe
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [Tau Monitor] C:PROGRA~1AgnitumTAUSCA~1.7 aumon.exe
O4 – HKLM..Run: [Adstartup] C:WINDOWSSystem32Adstartup.exe
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [AutoLoaderu0q51IMQLOPO] "C:WINDOWSSystem32pmskman.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 – HKLM..Run: [Pop–Up Stopper] "C:PROGRA~1PANICW~1POP–UP~1dpps2.exe"
O4 – HKLM..Run: [THGuard] "C:Program FilesTrojanHunter 3.9THGuard.exe"
O4 – HKLM..RunServices: [MSN Configuration Loader] Msmsncfg.exe
O4 – HKCU..Run: [Security Updater] secupd.exe –nos
O4 – HKCU..Run: [EdHTML] C:Program FilesBinboyEdHTMLv5.0EdHTML.exe /none
O4 – Startup: PowerReg Scheduler.exe
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Coches (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {2DBEFB64–B6C4–4A2C–BE6A–16FF065B99C6} (cuadruple Class) – http://www.dialerzona.com/cuadruple.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {54E7E082–1DA6–412E–96B5–C290FCEF5329} – http://install.serwis.pl/install2.exe
O16 – DPF: {5F426A93–0821–47D2–A126–5A48A874B289} (DialerWeb Class) – http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://212.182.113.107/activex/AxisCamControl.ocx
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – http://www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38074.4001851852
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
raczej powoduje to trojan i pomimo właczonej blokady popupu ta reklama sie wyswietla :(
Sciagnij – http://www.spywareinfo.com/downloads/tools/CWShredder.exe uruchom, nacisnij klawisz fix all found problem a pozniej mozesz sciagnac Hijack This–a, przeskanowac i wkleic tutaj log wynikowy tego programu. Linka znajdziesz chocby w przyklejonym temacie o stronie startowej.
el ninio powiedz jasniej nie znam tego programu dosc dobrze
a jak by co to najczescie mi wyskakuje o taka stronka:
http://www.680180.net/ads/?VFJDSz0xMzA3
a jak by co to najczescie mi wyskakuje o taka stronka:
http://www.680180.net/ads/?VFJDSz0xMzA3
Potraktuj system CwShredderem.
nie pomogło chyba będe musial właczyc to blokowanie popupu 8) ale jesli ktos ma jkais pomysl jak sie tego pozbyc to czekam na sugestie
Ad–Aware6 tym sproboj.najpierw zaktualizuj i zrob skan ,powinno znalezc syfa :wink:
Strona 1 / 1