A strange case


(Marszallek) #1

The situation is this: right when the computer starts, a message "YOUR PC IS INFECTED" appears, after which adware programs install themselves (automatically) and scan the computer. They find a lot of spyware, but I can't remove it because it's a shareware version. Here is the log from the Adware program and from the Hijack program.

ADWARE

Logfile of ADWare Bazooka v160
Scan saved at 18:09:09, on 2006-02-23
Platform: Microsoft Windows XP Professional (Build 2600)
MSIE: Internet Explorer build 6.0.2800.1106

[Spyware] [Cookie] [microsofteup.112.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [toplist.cz] [Spyware cookie - toplist.cz]
[Spyware] [Cookie] [adblock.com] [Spyware cookie - adblock.com]
[Spyware] [Cookie] [cashtoolbar.com] [Spyware cookie - cashtoolbar.com]
[Spyware] [Cookie] [hitexchange.net] [Spyware cookie - hitexchange.net]
[Spyware] [Cookie] [112.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [888.com] [Spyware cookie - 888.com]
[Spyware] [Cookie] [888.com] [Spyware cookie - 888.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [abetterinternet.com] [Spyware cookie - abetterinternet.com]
[Spyware] [Cookie] [adriver.ru] [Spyware cookie - adriver.ru]
[Spyware] [Cookie] [ads.ims.nl] [Spyware cookie - ims.nl]
[Spyware] [Cookie] [adultfriendfinder.com] [Spyware cookie - adultfriendfinder.com]
[Spyware] [Cookie] [adultfriendfinder.com] [Spyware cookie - adultfriendfinder.com]
[Spyware] [Cookie] [aebn.net] [Spyware cookie - aebn.net]
[Spyware] [Cookie] [aebn.net] [Spyware cookie - aebn.net]
[Spyware] [Cookie] [aebn.net] [Spyware cookie - aebn.net]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cliks.org] [Spyware cookie - cliks.org]
[Spyware] [Cookie] [cz11.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz11.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz3.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz3.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz8.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz8.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz9.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz9.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz9.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz9.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [cz9.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [directtrack.com] [Spyware cookie - directtrack.com]
[Spyware] [Cookie] [directtrack.com] [Spyware cookie - directtrack.com]
[Spyware] [Cookie] [fleshlight.com] [Spyware cookie - fleshlight.com]
[Spyware] [Cookie] [image.masterstats.com] [Spyware cookie - masterstats.com]
[Spyware] [Cookie] [ivwbox.de] [Spyware cookie - ivwbox.de]
[Spyware] [Cookie] [metacafe.122.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [microsofteup.112.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [moneyjunkey.directtrack.com] [Spyware cookie - directtrack.com]
[Spyware] [Cookie] [moneyjunkey.directtrack.com] [Spyware cookie - directtrack.com]
[Spyware] [Cookie] [msnportal.112.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [offeroptimizer.com] [Spyware cookie - offeroptimizer.com]
[Spyware] [Cookie] [pch.122.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [priceline.com] [Spyware cookie - priceline.com]
[Spyware] [Cookie] [priceline.com] [Spyware cookie - priceline.com]
[Spyware] [Cookie] [rb4.worldsex.com] [Spyware cookie - sex.com]
[Spyware] [Cookie] [rn11.com] [Spyware cookie - rn11.com]
[Spyware] [Cookie] [rn11.com] [Spyware cookie - rn11.com]
[Spyware] [Cookie] [rn11.com] [Spyware cookie - rn11.com]
[Spyware] [Cookie] [rn11.com] [Spyware cookie - rn11.com]
[Spyware] [Cookie] [shareasale.com] [Spyware cookie - shareasale.com]
[Spyware] [Cookie] [shareasale.com] [Spyware cookie - shareasale.com]
[Spyware] [Cookie] [shareasale.com] [Spyware cookie - shareasale.com]
[Spyware] [Cookie] [shareasale.com] [Spyware cookie - shareasale.com]
[Spyware] [Cookie] [symantec.122.2o7.net] [Spyware cookie - 2o7.net]
[Spyware] [Cookie] [szukaj.wp.pl] [Spyware cookie - szukaj.wp.pl]
[Spyware] [Cookie] [template.aebn.net] [Spyware cookie - aebn.net]
[Spyware] [Cookie] [template.aebn.net] [Spyware cookie - aebn.net]
[Spyware] [Cookie] [toplist.cz] [Spyware cookie - toplist.cz]
[Spyware] [Cookie] [tradedoubler.com] [Spyware cookie - tradedoubler.com]
[Spyware] [Cookie] [tribalfusion.com] [Spyware cookie - tribalfusion.com]
[Spyware] [Cookie] [ultramercial.com] [Spyware cookie - ultramercial.com]
[Spyware] [Cookie] [vip.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [vip.clickzs.com] [Spyware cookie - clickzs.com]
[Spyware] [Cookie] [weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [web.lite.weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [web.lite.weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [web.lite.weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [web.lite.weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [web.lite.weatherbug.com] [Spyware cookie - weatherbug.com]
[Spyware] [Cookie] [webpower.com] [Spyware cookie - webpower.com]
[Spyware] [Cookie] [whatismyipaddress.com] [Spyware cookie - address.com]
[Spyware] [Cookie] [whatismyipaddress.com] [Spyware cookie - address.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [winhundred.com] [Spyware cookie - winhundred.com]
[Spyware] [Cookie] [www.888.com] [Spyware cookie - 888.com]
[Spyware] [Cookie] [www.azoogleads.com] [Spyware cookie - eads.com]
[Spyware] [Cookie] [www.azoogleads.com] [Spyware cookie - eads.com]
[Spyware] [Cookie] [www.azoogleads.com] [Spyware cookie - eads.com]
[Spyware] [Cookie] [www.business.lbn.ru] [Spyware cookie - lbn.ru]
[Spyware] [Cookie] [www.fleshlight.com] [Spyware cookie - fleshlight.com]
[Spyware] [Cookie] [www.free-schoolgirls.com] [Spyware cookie - girls.com]
[Spyware] [Cookie] [www.free6.com] [Spyware cookie - free6.com]
[Spyware] [Cookie] [www.nmwebsearch.com] [Spyware cookie - websearch.com]
[Spyware] [Cookie] [www.whatismyipaddress.com] [Spyware cookie - address.com]
[Spyware] [Cookie] [www2.business.lbn.ru] [Spyware cookie - lbn.ru]
[Spyware] [Cookie] [xiti.com] [Spyware cookie - xiti.com]
[Spyware] [Cookie] [yadro.ru] [Spyware cookie - yadro.ru]
[Spyware] [Cookie] [z1.adserver.com] [Spyware cookie - adserver.com]
[Spyware] [Cookie] [z1.adserver.com] [Spyware cookie - adserver.com]
[Spyware] [Cookie] [zaydoun.freestats.com] [Spyware cookie - freestats.com]
[Spyware] [Cookie] [zaydoun.freestats.com] [Spyware cookie - freestats.com]
[Spyware] [Run HKLM] [SemanticInsight] [C]
[Spyware] [Run HKLM] [SpyFalcon] [C]
[Spyware] [Unknown Object] [MSCornet shortcut] [%Desktop%\Security Troubleshooting.url]
[Spyware] [Unknown Object] [MSCornet shortcut] [%UserMenu%\Security Troubleshooting.url]

HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 18:09:52, on 2006-02-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VamPirE\VamPirE.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\WeatherBug.exe
C:\Program Files\ADWareBazooka\ADWareBazooka_monitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ADWareBazooka\adwarebazooka.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\daniel\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O1 - Hosts: server.fsgs.net servserv.westwood.com apiregister.westwood.com
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VamPirE] C:\Program Files\VamPirE\VamPirE.exe /tray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\AWS\WeatherBug\WeatherBug.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ADWare Bazooka] C:\Program Files\ADWareBazooka\ADWareBazooka.exe
O4 - HKCU\..\Run: [ADWare Bazooka Monitor] C:\Program Files\ADWareBazooka\ADWareBazooka_monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131237661593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131241381967
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c580.cab
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: DCDAABEB - {763B3FA0-4355-5A3A-2A74-4A370C092BF4} - C:\WINDOWS\System32\Anpmhakm.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

(Kuz5) #2

In Add/Remove Programs, uninstall 180search Toolbar and RXToolBar, SpyFalcon

Delete: (of course, you do all of this in Safe Mode with System Restore turned off)

Also delete this file:

Delete the files marked in red manually from the disk

This is some fake program, uninstall it: (unless you don't want to)

Read: Removing SpyFalcon

Paste a SilentRunners log
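The entries Kuz5 singles out (the SpyFalcon and SemanticInsight/RXToolBar Run keys, the 180search toolbar, the 180solutions cab download, the registered-but-missing DLLs) can be picked out of a HijackThis log mechanically. The script below is an added example, not code from this thread or from HijackThis: it parses the O-section lines of a HijackThis v1.99 log and flags what a helper would review first. The sample input is a constructed subset of the log above; the watch list is built from the names named in the thread (with "180solutions" added because the O16 cab URL carries the 180search vendor's name), and the list of hosts trusted for ActiveX downloads is an assumption.

```python
"""Triage of HijackThis v1.99 log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the O-lines from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131237661593
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c580.cab
O21 - SSODL: DCDAABEB - {763B3FA0-4355-5A3A-2A74-4A370C092BF4} - C:\WINDOWS\System32\Anpmhakm.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Names the thread identifies as adware / rogue software (constructed watch list).
WATCH_TERMS = ("180search", "180solutions", "rxtoolbar", "semanticinsight", "spyfalcon")
# Hosts from which an O16 ActiveX download is expected on this machine (assumption).
TRUSTED_DPF_HOSTS = ("update.microsoft.com",)


@dataclass
class Entry:
    section: str   # "O4", "O16", ...
    name: str      # Run value name, toolbar name, class name or CLSID
    target: str    # executable/DLL path or download URL
    raw: str


@dataclass
class Finding:
    entry: Entry
    reason: str


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 - DPF: {CLSID} (Class Name) - URL   (the class name is sometimes absent)
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<cls>[^)]*)\))? - (?P<url>\S+)$")
# O2/O3/O21 - Kind: Name - {CLSID} - Path
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# O23 - Service: Name - Vendor - Path
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def parse_hjt(text: str) -> list[Entry]:
    """Turn the R/F/O lines of a HijackThis log into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4" and (m4 := O4_RE.match(body)):
            entries.append(Entry(sec, m4["name"], m4["cmd"], raw))
        elif sec == "O16" and (m16 := O16_RE.match(body)):
            entries.append(Entry(sec, m16["cls"] or m16["clsid"], m16["url"], raw))
        elif sec == "O23" and (m23 := O23_RE.match(body)):
            entries.append(Entry(sec, m23["name"], m23["path"], raw))
        elif mc := CLSID_RE.match(body):
            entries.append(Entry(sec, mc["name"], mc["path"], raw))
        else:
            entries.append(Entry(sec, "", body, raw))
    return entries


def triage(entries, watch_terms=WATCH_TERMS, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Flag watch-list hits, dangling shell extensions and untrusted ActiveX downloads."""
    findings = []
    for e in entries:
        hay = f"{e.name} {e.target}".lower()
        if any(t in hay for t in watch_terms):
            findings.append(Finding(e, "matches adware/rogue watch list"))
        elif e.section in ("O2", "O21") and ("(no file)" in e.target or "(file missing)" in e.target):
            findings.append(Finding(e, "dangling shell extension: registered, but the DLL is gone"))
        elif e.section == "O16":
            host = urlparse(e.target).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in trusted_hosts):
                findings.append(Finding(e, f"ActiveX download from untrusted host {host}"))
    return findings


def flagged_names(text: str) -> list[str]:
    return sorted({f.entry.name for f in triage(parse_hjt(text))})


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.entry.section:4} {f.entry.name!r}: {f.reason}")
```

Run it as a script to see the findings for the constructed sample; feed `parse_hjt` the full log text to triage a real one. The known-good entries (the NOD32 Run key and service, the Google toolbar, the Windows Update control) pass through unflagged, which is the point: a helper's time goes to the handful of lines that are either named adware, point at a DLL that no longer exists, or pull an ActiveX package from an unexpected host.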


(Marszallek) #3

Thanks a lot, it helped


(Kuz5) #4

And what about this??