Errorsafe

IP: *.internetdsl.tpnet.pl 02.05.07, 07:18
For a few days now a page has been opening (on its own) with a message that I should
download the file ERRORSAFESwedishNewReleaseInstal. It wants to scan the computer because
I supposedly have errors in the registry. Kaspersky won't let it through. Is it
safe, and what is this all about?
    • Guest: @ Re: Errorsafe IP: *.chello.pl 02.05.07, 09:30
      And it's a good thing Kaspersky is blocking it, because Errorsafe is a trojan.
      Make a log and paste it on the forum.
      HijackThis log
      • Guest: togoPogo Re: Errorsafe IP: *.internetdsl.tpnet.pl 02.05.07, 17:02
        Logfile of HijackThis v1.99.1
        Scan saved at 17:00:32, on 2007-05-02
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        D:\Nowy folder\avp.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\WgaTray.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\devldr32.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
        D:\Nowy folder\avp.exe
        C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
        D:\BitComet\BitComet.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
        C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Milenium\Moje dokumenty\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
        C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
        Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
        Files\Java\jre1.5.0_11\bin\jusched.exe"
        O4 - HKLM\..\Run: [EPSON Stylus C45 Series]
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45
        Series" /O6 "USB001" /M "Stylus C45"
        O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Kopia 1)]
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P33 "EPSON Stylus C45
        Series (Kopia 1)" /O5 "LPT1:" /M "Stylus C45"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common
        Files\Ahead\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [AVP] "D:\Nowy folder\avp.exe"
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program
        Files\Common Files\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [BitComet] "D:\BitComet\BitComet.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [EPSON Stylus C45 Series]
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45
        Series" /M "Stylus C45" /EF "HKCU"
        O4 - HKCU\..\Run: [Aurh] "C:\PROGRA~1\SMANTE~1\mmc.exe" -vt yazb
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
        Files\Java\jre1.5.0_11\bin\ssv.dll
        O9 - Extra button: Statystyki ochrony WWW -
        {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Nowy folder\scieplugin.dll
        O9 - Extra button: Wyślij do programu OneNote -
        {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote -
        {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe (file missing)
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        (file missing)
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CA22247F-26A0-4CFB-B7B0-E2CB80BA7D46}:
        NameServer = 194.204.152.34,192.204.159.1
        O17 - HKLM\System\CS1\Services\Tcpip\..\{CA22247F-26A0-4CFB-B7B0-E2CB80BA7D46}:
        NameServer = 194.204.152.34,192.204.159.1
        O17 - HKLM\System\CS2\Services\Tcpip\..\{CA22247F-26A0-4CFB-B7B0-E2CB80BA7D46}:
        NameServer = 194.204.152.34,192.204.159.1
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
        C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program
        Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
        C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
        C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
        C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Nowy
        folder\avp.exe" -r (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
        - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service
        (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
        Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero
        BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe

        • Guest: Kolobos Re: Errorsafe IP: *.escom.net.pl 02.05.07, 17:25
          What is this:
          D:\Nowy folder\avp.exe
          D:\Nowy folder\avp.exe
          O4 - HKLM\..\Run: [AVP] "D:\Nowy folder\avp.exe"
          If it is some kind of junk, you should close the processes in Task Manager and delete the directory from the disk.

          In HJT, remove:
          O4 - HKCU\..\Run: [Aurh] "C:\PROGRA~1\SMANTE~1\mmc.exe" -vt yazb <- delete the file from the disk (or even the directory, depending on what is in it).
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe (file missing)
          O9 - Extra 'Tools' menuitem: Windows Messenger -
          {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          (file missing)

          Also scan with these:
          www.superantispyware.com/downloads/SUPERAntiSpyware.exe
          www.kaspersky.com/service?chapter=161739400
          www.bitdefender.com/scan8/ie.html
          www.pandasoftware.com/activescan/com/activescan_principal.htm
          • Guest: hans hebron Re: Errorsafe IP: *.internetdsl.tpnet.pl 04.06.07, 14:31
            In my case only SUPERAntiSpyware helped
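
The kind of triage Kolobos applies to the log above, as an added example that is not part of the thread: it rejoins the entries the forum wrapped and flags two things for manual review, entries HijackThis marked `(file missing)` and entries that run a Windows system binary name from outside the Windows directory. The list of system binary names and the `C:\WINDOWS` location are assumptions of this example, and a flag means "look at this", not "remove this".

```python
import re

# Excerpt of the log posted above, with the forum's line wrapping left in place.
SAMPLE = r"""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aurh] "C:\PROGRA~1\SMANTE~1\mmc.exe" -vt yazb
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Nowy
folder\avp.exe" -r (file missing)
"""

ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")   # section code, then the entry body
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)
# Assumption: a short, non-exhaustive list of binaries that ship in the Windows directory.
SYSTEM_NAMES = {"mmc.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "ctfmon.exe", "explorer.exe", "spoolsv.exe"}
WINDOWS_DIR = "c:\\windows\\"   # assumption: Windows installed on C:, as in this log


def join_wrapped(text):
    """A line without a section code continues the previous entry."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries


def triage(entries):
    """Return (code, reasons, entry) for each entry worth a manual look."""
    findings = []
    for entry in entries:
        code, body = ENTRY.match(entry).groups()
        reasons = []
        if "(file missing)" in body:
            reasons.append("target file missing")
        m = EXE_PATH.search(body)
        if m:
            path = m.group(0).lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_NAMES and not path.startswith(WINDOWS_DIR):
                reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append((code, reasons, entry))
    return findings
```
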