spyware detected

IP: *.aster.pl / *.aster.pl 02.05.06, 00:00
Does anyone know how to get rid of the junk called "spyware detected", which has
taken over the browser start page as www.safetydefender.com and which cannot be
removed with antivirus programs?
          • Guest: kalmar Re: spyware detected IP: *.aster.pl / *.aster.pl 02.05.06, 08:23
            Logfile of HijackThis v1.99.1
            Scan saved at 08:21:50, on 2006-05-02
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\SYSTEM32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
            C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
            C:\Program Files\YDP\YdpDict\Watch.exe
            C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
            C:\Program Files\Microsoft Office\Office\OSA.EXE
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\FreezeScreenSaver.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\DOCUME~1\MARIAN~1\USTAWI~1\Temp\Katalog tymczasowy 8 dla hijackthis.zip\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp6EC8.tmp
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
            O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [easyCALL] C:\Program Files\easyCALL\easyCALL.exe
            O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [eFON] C:\Program Files\eFON\efon.exe
            O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
            O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
            O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
            O4 - Global Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
            O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
            O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
            O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
            O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

            • Guest: k Re: spyware detected IP: *.warszawa.sdi.tpnet.pl 02.05.06, 13:58
              Use this:
              siri.urz.free.fr/Fix/SmitfraudFix_En.php
              Paste the removal report on the forum.

              Also scan with this:
              download.ewido.net/ewido-setup.exe

              Your Java is broken too, so reinstall it.

              Remove in HijackThis:
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*www.yahoo.com/ext/search/search.html
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html <- delete the file
              O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp6EC8.tmp
              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
              O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot <- uninstall and delete the directory.
              O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE <- remove the shortcut from autostart.
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
              O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

              Service to delete:
              O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe <- delete the file.
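
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the thread and not HijackThis's own code. It copes with long entries that forum software has hard-wrapped and flags three patterns seen among the entries marked for removal: a BHO loaded from a non-.dll file, an IE Local Page set to a local file, and entries whose file is missing. The function names and heuristics are assumptions of this example, and a flagged entry is a candidate for manual review, not a verdict.

```python
import re

# Sample: entries copied from the HijackThis log in this thread, with the
# forum's hard line wraps left in.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32
\hp6EC8.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def entries(log):
    """Yield (section, text) pairs, re-joining wrapped continuation lines."""
    current = None
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and line:
            # A wrap inside a path leaves the next line starting with "\".
            current[1] += ("" if line.startswith("\\") else " ") + line
    if current:
        yield tuple(current)

def triage(log):
    """Return (section, reason, text) for entries worth a manual look.
    The three heuristics are this example's assumptions."""
    hits = []
    for sec, text in entries(log):
        low = text.lower()
        if "(file missing)" in low or "(no file)" in low:
            hits.append((sec, "orphaned entry", text))
        elif sec == "O2" and not low.endswith(".dll"):
            hits.append((sec, "BHO module is not a .dll", text))
        elif sec in ("R0", "R1") and re.search(r"local page = [a-z]:\\", low):
            hits.append((sec, "IE Local Page points at a local file", text))
    return hits
```
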
              • Guest: kalmar Re: spyware detected IP: *.aster.pl / *.aster.pl 02.05.06, 21:01
                As recommended, I am sending the SmitFraud report. I followed all the other
                recommendations and that safetydefender did indeed disappear, but after a few
                visits to the internet it appeared again when I logged in at the onet address,
                even though I had already cautiously set the start page to blank. It is one
                rude pest...

                SmitFraudFix v2.37

                Scan done at 20:46:41,82, 2006-05-02
                Run from C:\Documents and Settings\..............\Ustawienia lokalne\Temporary Internet Files\Content.IE5\E3Y7UDQZ\SmitfraudFix[1]\SmitfraudFix
                OS: Microsoft Windows XP [Wersja 5.1.2600]

                »»»»»»»»»»»»»»»»»»»»»»»» C:\


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

                C:\WINDOWS\system32\simpole.tlb FOUND !
                C:\WINDOWS\system32\stdole3.tlb FOUND !
                C:\WINDOWS\system32\ts.ico FOUND !
                C:\WINDOWS\system32\1024\ FOUND !

                »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marian Kalwary\Application Data


                »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


                »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARIAN~1\Ulubione


                »»»»»»»»»»»»»»»»»»»»»»»» Desktop


                »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


                »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


                »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
                "Source"="fzp.jewish.org.pl/images/tapety/11mini.jpg"
                "SubscribedURL"="fzp.jewish.org.pl/images/tapety/11mini.jpg"
                "FriendlyName"=""

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
                "Source"="www.wwf.org.uk/support/graphics/Zhuxiong.jpg"
                "SubscribedURL"="www.wwf.org.uk/support/graphics/Zhuxiong.jpg"
                "FriendlyName"=""
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
                "Source"="tapety.dziecionline.pl/data/thumbnails/79/003.jpg"
                "SubscribedURL"="tapety.dziecionline.pl/data/thumbnails/79/003.jpg"
                "FriendlyName"=""

                »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
                !!! Attention, follow keys are not inevitably infected !!!

                SrchSTS.exe by S!Ri
                Search SharedTaskScheduler's .dll

                »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


                »»»»»»»»»»»»»»»»»»»»»»»» End
