Spyware?

IP: *.neoplus.adsl.tpnet.pl 17.12.08, 17:32
Hello. A moment ago, while I was opening some page, something like this was displayed:
ATTENTION! If your computer is struck by the spyware, you could suffer data
loss, erratic PC behaviour, PC freezes and creahes.

Detect and remove viruses before they damage your computer!
Antivirus 360 will perform a 100% FREE and quick scan of your computer for
Viruses, Spyware and Adware.

Do you want to install Antivirus 360 to scan your computer for malware now?
(Recommended)
What is this? Some Antivirus360 detected the presence of a trojan and spyware... I have no
symptoms, apart from ads displayed after the computer is turned on and the closing of
the program 'mnisit.exe', or something like that... What is this?
    • Guest: Prue555 Re: Spyware? IP: *.neoplus.adsl.tpnet.pl 17.12.08, 17:36
      and here is the log from hijack:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:35:07, on 2008-12-17
      Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      C:\Program Files\BearShare\BearShare.exe
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\WeFi\WeFi.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Oem\Pulpit\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      my.freeze.com/?AcquisitionID=80400f3e-d47b-4c4d-ad78-b126f033c977&s=&ipc=
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
      www.crawler.com/search/ie.aspx?tb_id=60327
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
      dnl.crawler.com/support/sa_customize.aspx?TbId=60327
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      www.crawler.com/search/ie.aspx?tb_id=60327
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      dnl.crawler.com/support/sa_customize.aspx?TbId=60327
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44CF-8957-5838F569A31D} -
      C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
      O2 - BHO: MyWebSearch Search Assistant BHO -
      {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
      Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
      O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program
      Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
      O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} -
      C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
      O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program
      Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
      O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
      C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
      O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} -
      C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
      C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
      Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
      -atboottime
      O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
      O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
      O4 - HKLM\..\Run: [My Web Search Bar] rundll32
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe
      O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
      O8 - Extra context menu item: &Search -
      edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: SmartShopper - Compare product prices -
      {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program
      Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
      O9 - Extra button: SmartShopper - Compare travel rates -
      {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program
      Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
      C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
      {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2F6F8181-8AD1-46C5-9DBC-69A2FDFEA019}:
      NameServer = 192.168.2.1
      O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com -
      C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Moj wymarzony chlopak Drivers Auto Removal (pr2arjjb) (pr2arjjb)
      - Cenega Poland Sp. z o.o. - C:\WINDOWS\system32\pr2arjjb.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) -
      Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

      --
      End of file - 6038 bytes
      • Guest: Kolobos Re: Spyware? IP: *.escom.net.pl 17.12.08, 17:45
        That is a fake antivirus program and it did not detect anything. As for logs, read the pinned topic: forum.gazeta.pl/forum/72,2.html?f=430&w=76799955 If you do want to post a log, post a ComboFix one.
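
Added example, not part of the thread: the HijackThis log pasted above was hard-wrapped by the forum, so several entries span two or three lines. This Python code re-joins wrapped entries and groups them by section code for review; the function names are hypothetical and `SAMPLE` is a shortened excerpt constructed from entries in the log above.

```python
import re
from collections import defaultdict

# An entry starts with a section code (R, F, N or O group) followed by " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return [(code, text)], re-joining entries that were wrapped across lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break  # log trailer: nothing after this is an entry
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # No section code: continuation of the previous wrapped entry.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [tuple(e) for e in entries]

def group_by_code(entries):
    """Group entry texts by section code, e.g. all O4 autostart lines together."""
    groups = defaultdict(list)
    for code, text in entries:
        groups[code].append(text)
    return dict(groups)

# Constructed sample: a few entries copied from the log above, wrapping preserved.
SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program
Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6038 bytes
"""

if __name__ == "__main__":
    for code, items in group_by_code(parse_entries(SAMPLE)).items():
        print(code, len(items), items)
```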