Spyware?


(Kuba88r) #1

Detected SPYware! System error #384

__________________________________________________________________________

Your IP address is XXXXXXXXXXXXXXX(to sam zmieniłem) Using this address a remote computer has gained anaccess to your computer and probably is collecting the information about the sites you've visited and the files contained in the folder Temporary Internet Files. Attention! Ask for help or install the software for deleting secret information about the sites you visited.

__________________________________________________________________________

Your computer is full of evidences!

ISP of transmission: XXXXXXXXXXXXXXXXXXXX

Your IP address: XXXXXXXXX

They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.1.1394)

Your computer is: Windows XP

Risk status for further investigation: VERY HIGH RISK

To protect from the Spyware - click here

To prevent information transmission - click here

To delete the history of your activity, click here

CO TO JEST??????????????? !!


(Tomek Zamlynny) #2

sprawdz:

skaner MKS On Line

Spybot Search & Destroy

CWShredder

Ad-aware SE Personal

HijackThis

Panel sterowania=>> ekran=>> Pulpit=>> Dostosuj Pulpit=>> Siec Web gdzie usun wszystkie strony Sieci Web


(Kuba88r) #3
Logfile of HijackThis v1.99.1

Scan saved at 10:33:08, on 2005-10-31

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\paytime.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\paytime.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.3:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.4 www.vparivalka.com

O1 - Hosts: 127.0.0.4 iframeprofit.com

O1 - Hosts: 127.0.0.4 www.iframeprofit.com

O1 - Hosts: 127.0.0.4 topsearch10.com

O1 - Hosts: 127.0.0.4 www.topsearch10.com

O1 - Hosts: 127.0.0.4 statscash.biz

O1 - Hosts: 127.0.0.4 www.statscash.biz

O1 - Hosts: 127.0.0.4 vxiframe.biz

O1 - Hosts: 127.0.0.4 www.vxiframe.biz

O1 - Hosts: 127.0.0.4 crazy-toolbar.com

O1 - Hosts: 127.0.0.4 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.4 topcash.biz

O1 - Hosts: 127.0.0.4 www.topcash.biz

O1 - Hosts: 127.0.0.4 loadcash.biz

O1 - Hosts: 127.0.0.4 www.loadcash.biz

O1 - Hosts: 127.0.0.4 txiframe.biz

O1 - Hosts: 127.0.0.4 www.txiframe.biz

O1 - Hosts: 127.0.0.4 procounter.biz

O1 - Hosts: 127.0.0.4 www.procounter.biz

O1 - Hosts: 127.0.0.4 advadmin.biz

O1 - Hosts: 127.0.0.4 www.advadmin.biz

O1 - Hosts: 127.0.0.4 trafficbest.net

O1 - Hosts: 127.0.0.4 www.trafficbest.net

O1 - Hosts: 127.0.0.4 besthvac.com

O1 - Hosts: 127.0.0.4 www.besthvac.com

O1 - Hosts: 127.0.0.4 traff4.com

O1 - Hosts: 127.0.0.4 www.traff4.com

O1 - Hosts: 127.0.0.4 ambush-script.com

O1 - Hosts: 127.0.0.4 www.ambush-script.com

O1 - Hosts: 127.0.0.4 beehappyy.biz

O1 - Hosts: 127.0.0.4 www.beehappyy.biz

O1 - Hosts: 127.0.0.4 tracktraff.cc

O1 - Hosts: 127.0.0.4 www.tracktraff.cc

O1 - Hosts: 127.0.0.4 allcount.net

O1 - Hosts: 127.0.0.4 www.allcount.net

O1 - Hosts: 127.0.0.4 onedayoffer.biz

O1 - Hosts: 127.0.0.4 www.onedayoffer.biz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll

O2 - BHO: C:\WINDOWS\adsldpbc.dll - {52E51B5C-4711-4B05-9420-183ADBE4E25D} - C:\WINDOWS\adsldpbc.dll

O2 - BHO: C:\WINDOWS\q6750890.dll - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - C:\WINDOWS\q6750890.dll

O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.0.0\WeatherOnTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [WITaj!] rem -- Anulowane uruchamianie programu WITaj! 2000

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00075.exe"

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.coolwebsearch.com

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B83D514-4A4E-486C-AF00-638517E244B1}: NameServer = 10.0.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{1B83D514-4A4E-486C-AF00-638517E244B1}: NameServer = 10.0.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{1B83D514-4A4E-486C-AF00-638517E244B1}: NameServer = 10.0.0.1

O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

O20 - Winlogon Notify: style32 - C:\WINDOWS\q6750890.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

(Kuz5) #4

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Pliki na czerwono usun ręcznie z dysku

Jeżeli wpis 015 będzie stawiać opór to usuń go narzędziem KillTrusted 0.7