The situation is that as soon as the computer is turned on, the message "YOUR PC IS INFECTED" appears, after which adware programs install themselves (on their own) and scan the computer. It finds a great deal of spyware, but I cannot remove it because this is a shareware version. Here is the log from the Adware program and from the Hijack program.
ADWARE
Logfile ofADWare Bazooka v160
Scan saved at 18:09:09, on 2006-02-23
Platform: Microsoft Windows XP Professional (Build 2600)
MSIE: Internet Explorer build 6.0.2800.1106
[Spyware] [Run HKLM] [SemanticInsight] [C]
[Spyware] [Run HKLM] [SpyFalcon] [C]
[Spyware] [Unknown Object] [MSCornet shortcut] [%Desktop%\Security Troubleshooting.url]
[Spyware] [Unknown Object] [MSCornet shortcut] [%UserMenu%\Security Troubleshooting.url]
Hijack
Logfile of HijackThis v1.99.1
Scan saved at 18:09:52, on 2006-02-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VamPirE\VamPirE.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\WeatherBug.exe
C:\Program Files\ADWareBazooka\ADWareBazooka_monitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ADWareBazooka\adwarebazooka.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\daniel\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O1 - Hosts: server.fsgs.net servserv.westwood.com apiregister.westwood.com
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VamPirE] C:\Program Files\VamPirE\VamPirE.exe /tray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\AWS\WeatherBug\WeatherBug.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ADWare Bazooka] C:\Program Files\ADWareBazooka\ADWareBazooka.exe
O4 - HKCU\..\Run: [ADWare Bazooka Monitor] C:\Program Files\ADWareBazooka\ADWareBazooka_monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131237661593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131241381967
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c580.cab
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: DCDAABEB - {763B3FA0-4355-5A3A-2A74-4A370C092BF4} - C:\WINDOWS\System32\Anpmhakm.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe