11 Sep 2006, 00:12
Logfile of HijackThis v1.99.1
Scan saved at 00:09:27, on 2006-09-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesVIAudioiSBADeckADeck.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSpyCatcher 2006SpyCatcher.exe
C:Documents and SettingsLewusPulpitHijackThis.exe
C:Program FilesSpyCatcher 2006Scheduler daemon.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:Program FilesSpyCatcher 2006SCActiveBlock.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:Program FilesMass DownloaderMDHELPER.DLL (file missing)
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [SpyCatcher Reminder] "C:Program FilesSpyCatcher 2006SpyCatcher.exe" reminder
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: SpyCatcher Protector.lnk = C:Program FilesSpyCatcher 2006Protector.exe
O8 - Extra context menu item: &Block this popup - C:Program FilesF-SecureAnti-Spywarelockpopups.htm
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:Program FilesF-SecureAnti-Spywareieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:Program FilesF-SecureAnti-Spywareieshield.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:PROGRA~1F-SecureBackWeb7681197ProgramSERVIC~1.EXE (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:Program FilesF-SecureAnti-Virusfsgk32st.exe (file missing)
O23 - Service: F-Secure Network Request Broker - Unknown owner - C:Program FilesF-SecureCommonFNRB32.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:Program FilesF-SecureBackWeb7681197programfsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:Program FilesF-SecureFWESProgramfsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:Program FilesF-SecureCommonFSMA32.EXE (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: SysEnforce - Unknown owner - C:PROGRA~1TRISNA~1SSISYSENF~1.EXE (file missing)
11 Sep 2006, 00:38
Dark Master wrote: Hello!!!
C:Program FilesSpyCatcher 2006SpyCatcher.exe
C:Program FilesSpyCatcher 2006Scheduler daemon.exe
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:Program FilesSpyCatcher 2006SCActiveBlock.dll
O4 - HKLM..Run: [SpyCatcher Reminder] "C:Program FilesSpyCatcher 2006SpyCatcher.exe" reminder
O4 - Global Startup: SpyCatcher Protector.lnk = C:Program FilesSpyCatcher 2006Protector.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O20 - AppInit_DLLs: interceptor.dll
Fix these in Safe Mode (F8 during system startup). Otherwise it will have no effect. Delete the file interceptor.dll
11 Sep 2006, 00:45
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"ATIPTA" = "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" ["ATI Technologies, Inc."]
"AudioDeck" = "C:Program FilesVIAudioiSBADeckADeck.exe 1" ["VIA Technologies, Inc."]
"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [null data]
"SpywareTerminator" = ""C:Program FilesSpyware TerminatorSpywareTerminatorShield.exe"" ["Crawler.com"]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{0A87E45F-537A-40B4-B812-E2544C21A09F}(Default) = (no title provided)
-> {HKLM...CLSID} = "SpywareBlock Class"
InProcServer32(Default) = "C:Program FilesSpyCatcher 2006SCActiveBlock.dll" [file not found]
{B930BA63-9E5A-11D3-A288-0000E80E2EDE}(Default) = (no title provided)
-> {HKLM...CLSID} = "IECatcher Class"
InProcServer32(Default) = "C:Program FilesMass DownloaderMDHELPER.DLL" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
HKLMSystemCurrentControlSetControlSession Manager
INFECTION WARNING! "BootExecute" = "autocheck autochk *" [file not found], [MS], [file not found]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
INFECTION WARNING! AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLMSoftwareClasses*shellexContextMenuHandlers
7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsLewusUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%system32
svpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{300DB664-75B5-47C0-8B45-A44ACCF73C00}
"ButtonText" = "IE Shield"
"MenuText" = "IE Shield..."
"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"
-> {HKLM...CLSID} = "F-Secure IE Shield COM button"
InProcServer32(Default) = "C:Program FilesF-SecureAnti-Spywareieshield.dll" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSSystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "C:WINDOWSSystem32svchost.exe -k HTTPFilter" {"C:WINDOWSSystem32w3ssl.dll" [MS]}
StarWind iSCSI Service, StarWindService, "C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe" ["Rocket Division Software"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 5 seconds for message boxes)
11 Sep 2006, 00:52
11 Sep 2006, 15:15
11 Sep 2006, 15:56
O4 - HKLM..Run: [SpywareTerminator] "C:Program FilesSpyware TerminatorSpywareTerminatorShield.exe"
11 Sep 2006, 16:33
11 Sep 2006, 16:36