Logs - HijackThis

What kind of program is this "Spyware"??? And is it the full version??

You definitely need to remove:

C:/WINDOWS/SoftwareDistribution/Download/S-1-5-18/f14cbfa294456e54248d17250f3ac3e3/update/update.exe

Shark recommended this site to me: http://www.webroot.com/services/spyaudit_03.htm and that is where I ran the scan

Now run scans with all those programs listed above :slight_smile:

I have already done that: CWShredder, Pest Patrol, jv16PowerTools, Ad-Aware SE etc… and out of a dozen or so pests only these four remain.

Gator :smiley:

So Gator is taken care of, thanks Phylby.

Now it looks like this:

Logfile of HijackThis v1.99.0

Scan saved at 15:52:05, on 2004-12-19

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:/WINDOWS/System32/smss.exe

C:/WINDOWS/system32/winlogon.exe

C:/WINDOWS/system32/services.exe

C:/WINDOWS/system32/lsass.exe

C:/WINDOWS/system32/svchost.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/spoolsv.exe

C:/Program Files/AVPersonal/AVGUARD.EXE

C:/Program Files/AVPersonal/AVWUPSRV.EXE

C:/Program Files/WIDCOMM/Bluetooth Software/bin/btwdins.exe

C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal Pro 5/kavmm.exe

C:/Program Files/Common Files/Microsoft Shared/VS7Debug/mdm.exe

C:/WINDOWS/System32/nvsvc32.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/Explorer.EXE

C:/WINDOWS/AGRSMMSG.exe

C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpotdd01.exe

C:/PROGRA~1/COMMON~1/PCSuite/DATALA~1/DATALA~1.EXE

C:/PROGRA~1/Nokia/NOKIAP~1/TRAYAP~1.EXE

C:/Program Files/AVPersonal/AVGNT.EXE

C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal Pro 5/kav.exe

C:/WINDOWS/System32/wuauclt.exe

C:/PROGRA~1/PESTPA~1/PPControl.exe

C:/PROGRA~1/PESTPA~1/PPMemCheck.exe

C:/PROGRA~1/PESTPA~1/CookiePatrol.exe

C:/Program Files/22M WLAN Adapter/WLANMON.exe

C:/PROGRA~1/COMMON~1/PCSuite/Services/SERVIC~1.EXE

C:/Program Files/GetRight/GETRIGHT.EXE

C:/Program Files/GetRight/GETRIGHT.EXE

C:/Program Files/Opera/Opera.exe

C:/Documents and Settings/piotrek/Pulpit/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx

O4 - HKLM/…/Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM/…/Run: [Agent] C:/Program Files/CyberLink/PowerVCRII/Agent.exe

O4 - HKLM/…/Run: [Remote_Agent] C:/Program Files/CyberLink/PowerVCRII/RemoteAgent.exe

O4 - HKLM/…/Run: [intense Registry Service] IntEdReg.exe /CHECK

O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup

O4 - HKLM/…/Run: [MicrocomAutorun] D:/Autorun.exe 1

O4 - HKLM/…/Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM/…/Run: [LWBMOUSE] C:/Program Files/Trust/AMI MOUSE 250SP WIRELESS OPTICAL/lwbwheel.exe

O4 - HKLM/…/Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb08.exe

O4 - HKLM/…/Run: [DeviceDiscovery] C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpotdd01.exe

O4 - HKLM/…/Run: [XTNDConnect PC - ErPhn2] C:/PROGRA~1/COMMON~1/XCPCSync/TRANSL~1/ErPhn2/ErTray.exe

O4 - HKLM/…/Run: [DataLayer] C:/PROGRA~1/COMMON~1/PCSuite/DATALA~1/DATALA~1.EXE

O4 - HKLM/…/Run: [PCSuiteTrayApplication] C:/PROGRA~1/Nokia/NOKIAP~1/TRAYAP~1.EXE

O4 - HKLM/…/Run: [AVGCtrl] C:/Program Files/AVPersonal/AVGNT.EXE /min

O4 - HKLM/…/Run: [KAV50] “C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal Pro 5/kav.exe” -run -n PersonalPro -v 5.0.0.0

O4 - HKLM/…/Run: [PestPatrol Control Center] C:/PROGRA~1/PESTPA~1/PPControl.exe

O4 - HKLM/…/Run: [PPMemCheck] C:/PROGRA~1/PESTPA~1/PPMemCheck.exe

O4 - HKLM/…/Run: [CookiePatrol] C:/PROGRA~1/PESTPA~1/CookiePatrol.exe

O4 - HKCU/…/Run: [WITaj!] C:/Program Files/WITaj!/WIT2000.EXE /jeden /ikona

O4 - HKCU/…/Run: [ETD Security Scanner] “C:/Program Files/ETD Security Scanner/ETD Security Scanner.exe” /s

O4 - Global Startup: 22M WLAN Adapter.lnk = ?

O8 - Extra context menu item: Download with GetRight - C:/Program Files/GetRight/GRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/Office10/EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:/Program Files/GetRight/GRbrowse.htm

O8 - Extra context menu item: Send To &Bluetooth - C:/Program Files/WIDCOMM/Bluetooth Software/btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:/Program Files/WIDCOMM/Bluetooth Software/btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:/Program Files/WIDCOMM/Bluetooth Software/btsendto_ie.htm

O12 - Plugin for .spop: C:/Program Files/Internet Explorer/Plugins/NPDocBox.dll

O17 - HKLM/System/CCS/Services/Tcpip/…/{81418020-A98E-44A5-8639-A4C02E11AC64}: NameServer = 192.168.1.1,194.204.159.1

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:/Program Files/AVPersonal/AVGUARD.EXE

O23 - Service: AutoComplete Service - Acesoft - C:/Program Files/Acesoft/Tracks Eraser Pro/autocomp.exe

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:/Program Files/AVPersonal/AVWUPSRV.EXE

O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:/Program Files/WIDCOMM/Bluetooth Software/bin/btwdins.exe

O23 - Service: Kaspersky Anti-Virus Service - Kaspersky Lab - C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal Pro 5/kavmm.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:/WINDOWS/System32/nvsvc32.exe

The log is clean - these make me wonder:

O4 - HKLM/…/Run: [Agent] C:/Program Files/CyberLink/PowerVCRII/Agent.exe

O4 - HKLM/…/Run: [Remote_Agent] C:/Program Files/CyberLink/PowerVCRII/RemoteAgent.exe

If you don't need them, disable them in msconfig!

I disabled them. I just keep wondering why the scanner from http://www.webroot.com/services/spyaudit_03.htm keeps detecting Visual Log, Adlogix and CWS_NS3

I have a question about this scanner too!

It also detects a dozen or so things on my machine, but how do I remove them??

This scanner only scans… It doesn't remove anything - :cfaniak:

You need to download the Webroot trial program

http://www.webroot.com/downloads/

http://www.webroot.com/shoppingcart/try … vcode=DT02

I downloaded Spy Sweeper as you said and managed to remove Adlogix, but it doesn't detect Visual Log and CWS_NS3 at all. How do I remove this junk, please? Sorry for my ignorance.

Hi. I'd like to ask for my log to be checked.

Logfile of HijackThis v1.98.2

Scan saved at 23:13:35, on 2004-12-19

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\soundman.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\16122004\011204\Software\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7403AE-661B-4C90-BB81-91230A5F9AE2}: NameServer = 10.3.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{8D7403AE-661B-4C90-BB81-91230A5F9AE2}: NameServer = 10.3.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{8D7403AE-661B-4C90-BB81-91230A5F9AE2}: NameServer = 10.3.0.1

piterosbayeros

Look up what they write. Search among hidden files, kill the processes. Remove it from the registry keys, restart the computer.

Delete the following files

Delete the following registry keys

Delete the following registry values

http://www.scanspyware.net/info/VisualLog.htm

As for CWS_NS3, check whether you have this on your disk:

http://www.bleepingcomputer.com/forums/topict3341.html

And also use the newer CWShredder Version 2.1

k_b

Turn off System Restore.

Boot the computer into Safe Mode

Delete

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

hello ;( I think my log is terribly cluttered… pls HELP :(((

here is the log:

Logfile of HijackThis v1.99.0

Scan saved at 17:45:15, on 2004-12-20

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Documents and Settings\Set\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 http://www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 129.30.83.206 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 44.181.207.55 kaspersky-labs.com

O1 - Hosts: 69.233.107.62 http://www.networkassociates.com

O1 - Hosts: 251.6.187.149 us.mcafee.com

O1 - Hosts: 165.237.145.132 f-secure.com

O1 - Hosts: 78.247.154.166 networkassociates.com

O1 - Hosts: 66.181.2.16 secure.nai.com

O1 - Hosts: 200.164.59.14 downloads1.kaspersky-labs.com

O1 - Hosts: 170.197.101.19 downloads2.kaspersky-labs.com

O1 - Hosts: 62.143.242.109 downloads3.kaspersky-labs.com

O1 - Hosts: 35.195.120.221 avp.com

O1 - Hosts: 211.22.228.64 http://www.sophos.com

O1 - Hosts: 187.173.117.187 my-etrust.com

O1 - Hosts: 130.240.32.70 http://www.kaspersky.com

O1 - Hosts: 177.35.93.103 http://www.f-secure.com

O1 - Hosts: 228.194.128.128 dispatch.mcafee.com

O1 - Hosts: 42.184.3.18 update.symantec.com

O1 - Hosts: 82.181.114.187 nai.com

O1 - Hosts: 54.99.240.242 http://www.nai.com

O1 - Hosts: 80.47.114.171 sophos.com

O1 - Hosts: 36.237.26.109 http://www.ca.com

O1 - Hosts: 76.139.111.150 ca.com

O1 - Hosts: 44.131.88.193 securityresponse.symantec.com

O1 - Hosts: 169.238.238.145 symantec.com

O1 - Hosts: 94.66.193.85 mast.mcafee.com

O1 - Hosts: 34.35.6.77 liveupdate.symantec.com

O1 - Hosts: 238.228.200.128 http://www.avp.com

O1 - Hosts: 112.140.41.107 http://www.viruslist.com

O1 - Hosts: 198.125.45.245 viruslist.com

O1 - Hosts: 77.35.187.116 http://www.symantec.com

O1 - Hosts: 107.55.189.180 downloads4.kaspersky-labs.com

O1 - Hosts: 192.131.131.72 downloads-us1.kaspersky-labs.com

O1 - Hosts: 53.51.233.139 customer.symantec.com

O1 - Hosts: 187.19.219.48 mcafee.com

O1 - Hosts: 209.106.36.46 viruslist.com

O1 - Hosts: 7.42.192.122 http://www.my-etrust.com

O1 - Hosts: 28.172.18.214 download.mcafee.com

O1 - Hosts: 128.84.169.161 updates.symantec.com

O1 - Hosts: 64.160.142.121 kaspersky.com

O1 - Hosts: 168.161.50.13 http://www.trendmicro.com

O1 - Hosts: 52.222.122.136 rads.mcafee.com

O1 - Hosts: 130.7.145.88 trendmicro.com

O1 - Hosts: 120.25.95.73 liveupdate.symantecliveupdate.com

O1 - Hosts: 187.201.231.50 http://www.mcafee.com

O1 - Hosts: 236.152.94.106 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 133.215.35.35 kaspersky-labs.com

O1 - Hosts: 87.79.180.138 http://www.networkassociates.com

O1 - Hosts: 195.15.171.207 us.mcafee.com

O1 - Hosts: 25.170.83.243 f-secure.com

O1 - Hosts: 212.166.165.61 networkassociates.com

O1 - Hosts: 37.183.66.124 secure.nai.com

O1 - Hosts: 103.111.123.131 downloads1.kaspersky-labs.com

O1 - Hosts: 151.22.209.127 downloads2.kaspersky-labs.com

O1 - Hosts: 246.188.124.38 downloads3.kaspersky-labs.com

O1 - Hosts: 92.228.212.220 avp.com

O1 - Hosts: 243.50.209.67 http://www.sophos.com

O1 - Hosts: 97.2.213.215 my-etrust.com

O1 - Hosts: 131.240.134.149 http://www.kaspersky.com

O1 - Hosts: 91.149.110.192 http://www.f-secure.com

O1 - Hosts: 198.7.159.72 dispatch.mcafee.com

O1 - Hosts: 24.237.159.109 update.symantec.com

O1 - Hosts: 185.57.66.149 nai.com

O1 - Hosts: 99.179.73.128 http://www.nai.com

O1 - Hosts: 155.23.237.58 sophos.com

O1 - Hosts: 121.93.163.135 http://www.ca.com

O1 - Hosts: 237.94.191.179 ca.com

O1 - Hosts: 253.181.206.88 symantec.com

O1 - Hosts: 205.136.123.119 mast.mcafee.com

O1 - Hosts: 252.170.142.49 liveupdate.symantec.com

O1 - Hosts: 165.229.135.72 http://www.avp.com

O1 - Hosts: 180.15.74.176 http://www.viruslist.com

O1 - Hosts: 84.13.210.193 viruslist.com

O1 - Hosts: 183.151.173.49 http://www.symantec.com

O1 - Hosts: 189.226.1.233 downloads4.kaspersky-labs.com

O1 - Hosts: 55.215.84.73 downloads-us1.kaspersky-labs.com

O1 - Hosts: 187.158.93.86 customer.symantec.com

O1 - Hosts: 86.129.124.234 mcafee.com

O1 - Hosts: 126.124.201.248 viruslist.com

O2 - BHO: (no name) - {B1297562-C6FB-9879-8AFF-EEABAA7403EF} - C:\WINDOWS\System32\sasa.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [CberSrv32] C:\WINDOWS\cbersrv.exe

O4 - HKLM\..\Run: [HahSrv32] C:\WINDOWS\hahsrv.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] SP2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.133

O15 - Trusted IP range: 213.159.117.133 (HKLM)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O21 - SSODL: Web Event Logger - {7FFBADFF-E102-1332-ACDE-44659325C679} - C:\WINDOWS\System32\Ocqdjnhb.dll

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

set

Turn off System Restore.

Boot the computer into Safe Mode

Delete

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com 

O1 - Hosts: 127.0.0.3 x.full-tgp.net 

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com 

O1 - Hosts: 127.0.0.3 autoescrowpay.com 

O1 - Hosts: 127.0.0.3 www.autoescrowpay.com 

O1 - Hosts: 127.0.0.3 www.awmdabest.com 

O1 - Hosts: 127.0.0.3 www.sexfiles.nu 

O1 - Hosts: 127.0.0.3 awmdabest.com 

O1 - Hosts: 127.0.0.3 sexfiles.nu 

O1 - Hosts: 127.0.0.3 allforadult.com 

O1 - Hosts: 127.0.0.3 www.allforadult.com 

O1 - Hosts: 127.0.0.3 www.iframe.biz 

O1 - Hosts: 127.0.0.3 iframe.biz 

O1 - Hosts: 127.0.0.3 www.newiframe.biz 

O1 - Hosts: 127.0.0.3 newiframe.biz 

O1 - Hosts: 127.0.0.3 www.vesbiz.biz 

O1 - Hosts: 127.0.0.3 vesbiz.biz 

O1 - Hosts: 127.0.0.3 www.pizdato.biz 

O1 - Hosts: 127.0.0.3 pizdato.biz 

O1 - Hosts: 127.0.0.3 www.aaasexypics.com 

O1 - Hosts: 127.0.0.3 aaasexypics.com 

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net 

O1 - Hosts: 127.0.0.3 virgin-tgp.net 

O1 - Hosts: 129.30.83.206 downloads-eu1.kaspersky-labs.com 

O1 - Hosts: 44.181.207.55 kaspersky-labs.com 

O1 - Hosts: 69.233.107.62 www.networkassociates.com 

O1 - Hosts: 251.6.187.149 us.mcafee.com 

O1 - Hosts: 165.237.145.132 f-secure.com 

O1 - Hosts: 78.247.154.166 networkassociates.com 

O1 - Hosts: 66.181.2.16 secure.nai.com 

O1 - Hosts: 200.164.59.14 downloads1.kaspersky-labs.com 

O1 - Hosts: 170.197.101.19 downloads2.kaspersky-labs.com 

O1 - Hosts: 62.143.242.109 downloads3.kaspersky-labs.com 

O1 - Hosts: 35.195.120.221 avp.com 

O1 - Hosts: 211.22.228.64 www.sophos.com 

O1 - Hosts: 187.173.117.187 my-etrust.com 

O1 - Hosts: 130.240.32.70 www.kaspersky.com 

O1 - Hosts: 177.35.93.103 www.f-secure.com 

O1 - Hosts: 228.194.128.128 dispatch.mcafee.com 

O1 - Hosts: 42.184.3.18 update.symantec.com 

O1 - Hosts: 82.181.114.187 nai.com 

O1 - Hosts: 54.99.240.242 www.nai.com 

O1 - Hosts: 80.47.114.171 sophos.com 

O1 - Hosts: 36.237.26.109 www.ca.com 

O1 - Hosts: 76.139.111.150 ca.com 

O1 - Hosts: 44.131.88.193 securityresponse.symantec.com 

O1 - Hosts: 169.238.238.145 symantec.com 

O1 - Hosts: 94.66.193.85 mast.mcafee.com 

O1 - Hosts: 34.35.6.77 liveupdate.symantec.com 

O1 - Hosts: 238.228.200.128 www.avp.com 

O1 - Hosts: 112.140.41.107 www.viruslist.com 

O1 - Hosts: 198.125.45.245 viruslist.com 

O1 - Hosts: 77.35.187.116 www.symantec.com 

O1 - Hosts: 107.55.189.180 downloads4.kaspersky-labs.com 

O1 - Hosts: 192.131.131.72 downloads-us1.kaspersky-labs.com 

O1 - Hosts: 53.51.233.139 customer.symantec.com 

O1 - Hosts: 187.19.219.48 mcafee.com 

O1 - Hosts: 209.106.36.46 viruslist.com 

O1 - Hosts: 7.42.192.122 www.my-etrust.com 

O1 - Hosts: 28.172.18.214 download.mcafee.com 

O1 - Hosts: 128.84.169.161 updates.symantec.com 

O1 - Hosts: 64.160.142.121 kaspersky.com 

O1 - Hosts: 168.161.50.13 www.trendmicro.com 

O1 - Hosts: 52.222.122.136 rads.mcafee.com 

O1 - Hosts: 130.7.145.88 trendmicro.com 

O1 - Hosts: 120.25.95.73 liveupdate.symantecliveupdate.com 

O1 - Hosts: 187.201.231.50 www.mcafee.com 

O1 - Hosts: 236.152.94.106 downloads-eu1.kaspersky-labs.com 

O1 - Hosts: 133.215.35.35 kaspersky-labs.com 

O1 - Hosts: 87.79.180.138 www.networkassociates.com 

O1 - Hosts: 195.15.171.207 us.mcafee.com 

O1 - Hosts: 25.170.83.243 f-secure.com 

O1 - Hosts: 212.166.165.61 networkassociates.com 

O1 - Hosts: 37.183.66.124 secure.nai.com 

O1 - Hosts: 103.111.123.131 downloads1.kaspersky-labs.com 

O1 - Hosts: 151.22.209.127 downloads2.kaspersky-labs.com 

O1 - Hosts: 246.188.124.38 downloads3.kaspersky-labs.com 

O1 - Hosts: 92.228.212.220 avp.com 

O1 - Hosts: 243.50.209.67 www.sophos.com 

O1 - Hosts: 97.2.213.215 my-etrust.com 

O1 - Hosts: 131.240.134.149 www.kaspersky.com 

O1 - Hosts: 91.149.110.192 www.f-secure.com 

O1 - Hosts: 198.7.159.72 dispatch.mcafee.com 

O1 - Hosts: 24.237.159.109 update.symantec.com 

O1 - Hosts: 185.57.66.149 nai.com 

O1 - Hosts: 99.179.73.128 www.nai.com 

O1 - Hosts: 155.23.237.58 sophos.com 

O1 - Hosts: 121.93.163.135 www.ca.com 

O1 - Hosts: 237.94.191.179 ca.com 

O1 - Hosts: 253.181.206.88 symantec.com 

O1 - Hosts: 205.136.123.119 mast.mcafee.com 

O1 - Hosts: 252.170.142.49 liveupdate.symantec.com 

O1 - Hosts: 165.229.135.72 www.avp.com 

O1 - Hosts: 180.15.74.176 www.viruslist.com 

O1 - Hosts: 84.13.210.193 viruslist.com 

O1 - Hosts: 183.151.173.49 www.symantec.com 

O1 - Hosts: 189.226.1.233 downloads4.kaspersky-labs.com 

O1 - Hosts: 55.215.84.73 downloads-us1.kaspersky-labs.com 

O1 - Hosts: 187.158.93.86 customer.symantec.com 

O1 - Hosts: 86.129.124.234 mcafee.com 

O1 - Hosts: 126.124.201.248 viruslist.com 

O2 - BHO: (no name) - {B1297562-C6FB-9879-8AFF-EEABAA7403EF} - C:\WINDOWS\System32\sasa.dll (file missing)

O4 - HKLM\..\Run: [CberSrv32] C:\WINDOWS\cbersrv.exe 

O4 - HKLM\..\Run: [HahSrv32] C:\WINDOWS\hahsrv.exe 

O4 - HKLM\..\RunServices: [Microsoft Update Machine] SP2.exe 

O15 - Trusted Zone: *.skoobidoo.com 

O15 - Trusted Zone: *.slotchbar.com 

O15 - Trusted Zone: *.windupdates.com 

O15 - Trusted Zone: *.skoobidoo.com (HKLM) 

O15 - Trusted Zone: *.slotchbar.com (HKLM) 

O15 - Trusted Zone: *.windupdates.com (HKLM) 

O15 - Trusted IP range: 213.159.117.133 

O15 - Trusted IP range: 213.159.117.133 (HKLM) 

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab 

O21 - SSODL: Web Event Logger - {7FFBADFF-E102-1332-ACDE-44659325C679} - C:\WINDOWS\System32\Ocqdjnhb.dll 

O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

Run HijackThis once more. Click Config… ->>>> Misc Tools ->>>> Open hosts file manager ->>>> Open in Notepad

Notepad will open. Delete all the site entries from there, leave only the entry 127.0.0.1 localhost

Restart the computer.

This you need to unregister and delete >>>> Ocqdjnhb.dll

Start -> Run ->

regsvr32 /u C:\WINDOWS\System32\ here you type the file name

  • and click

Find WINDOWS\System32\ Ocqdjnhb.dll on the disk

Search among hidden files >>> Delete it

Use:

Pestpatrol

instructions

Ewido Free Security Suite

ETD Security Scanner 3.0

http://www.download.com/ETD-Security-Sc … 29424.html

After all that, paste a new log.

:smiley:
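The hosts-file cleanup in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a Python triage of HijackThis `O1`, `O15` and "(file missing)" lines, run over a few lines excerpted from the log above. The function names and the `SECURITY_SUFFIXES` list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines excerpted from the log posted above, plus the single entry the
# reply says to keep (127.0.0.1 localhost).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 129.30.83.206 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 236.152.94.106 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 251.6.187.149 us.mcafee.com
O1 - Hosts: 211.22.228.64 http://www.sophos.com
O2 - BHO: (no name) - {B1297562-C6FB-9879-8AFF-EEABAA7403EF} - C:\WINDOWS\System32\sasa.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted Zone: *.windupdates.com
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
"""

# Assumption: vendor suffixes taken from the hosts entries in the log above.
SECURITY_SUFFIXES = ("kaspersky-labs.com", "kaspersky.com", "mcafee.com",
                     "symantec.com", "sophos.com", "f-secure.com",
                     "trendmicro.com", "nai.com")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+?)\s*$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")


def normalize_host(raw):
    """Lower-case a host name and drop a scheme the forum may have prepended."""
    host = re.sub(r"^[a-z]+://", "", raw.strip().lower())
    return host.split("/")[0]


def is_security_vendor(host):
    return any(host == s or host.endswith("." + s) for s in SECURITY_SUFFIXES)


def classify_hosts_entry(ip_text, raw_host):
    """Return a verdict for one hosts mapping."""
    host = normalize_host(raw_host)
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "keep" if host == "localhost" else "loopback-block"
    # Multicast/reserved addresses can never serve the site: the name is
    # simply made unreachable.
    unroutable = ip.is_multicast or ip.is_reserved or ip.is_unspecified
    kind = "unroutable" if unroutable else "redirect"
    return kind + ("-security-vendor" if is_security_vendor(host) else "")


def triage(log_text):
    """List (section, verdict, detail) for every line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section == "O1":
            h = HOSTS_RE.match(body)
            if h:
                verdict = classify_hosts_entry(h["ip"], h["host"])
                if verdict != "keep":
                    findings.append((section, verdict, normalize_host(h["host"])))
        elif body.endswith("(file missing)"):
            # Registry entry still points at a file that is gone.
            findings.append((section, "orphaned-reference", body))
        elif section == "O15":
            findings.append((section, "trusted-zone-addition", body))
    return findings


def conflicting_hosts(log_text):
    """Host names mapped to more than one address in the same hosts file."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        h = HOSTS_RE.match(m["body"]) if m and m["section"] == "O1" else None
        if h:
            seen[normalize_host(h["host"])].add(h["ip"])
    return {host: ips for host, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for section, verdict, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:28} {detail}")
    print("conflicting:", conflicting_hosts(SAMPLE_LOG))
```
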

hmm… I ran a scan with Spybot… the log changed a bit. now it looks like this :smiley:

Logfile of HijackThis v1.99.0

Scan saved at 18:18:06, on 2004-12-20

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Documents and Settings\Set\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 129.30.83.206 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 44.181.207.55 kaspersky-labs.com

O1 - Hosts: 69.233.107.62 http://www.networkassociates.com

O1 - Hosts: 251.6.187.149 us.mcafee.com

O1 - Hosts: 165.237.145.132 f-secure.com

O1 - Hosts: 78.247.154.166 networkassociates.com

O1 - Hosts: 66.181.2.16 secure.nai.com

O1 - Hosts: 200.164.59.14 downloads1.kaspersky-labs.com

O1 - Hosts: 170.197.101.19 downloads2.kaspersky-labs.com

O1 - Hosts: 62.143.242.109 downloads3.kaspersky-labs.com

O1 - Hosts: 35.195.120.221 avp.com

O1 - Hosts: 211.22.228.64 http://www.sophos.com

O1 - Hosts: 187.173.117.187 my-etrust.com

O1 - Hosts: 130.240.32.70 http://www.kaspersky.com

O1 - Hosts: 177.35.93.103 http://www.f-secure.com

O1 - Hosts: 228.194.128.128 dispatch.mcafee.com

O1 - Hosts: 42.184.3.18 update.symantec.com

O1 - Hosts: 82.181.114.187 nai.com

O1 - Hosts: 54.99.240.242 http://www.nai.com

O1 - Hosts: 80.47.114.171 sophos.com

O1 - Hosts: 36.237.26.109 http://www.ca.com

O1 - Hosts: 76.139.111.150 ca.com

O1 - Hosts: 44.131.88.193 securityresponse.symantec.com

O1 - Hosts: 169.238.238.145 symantec.com

O1 - Hosts: 94.66.193.85 mast.mcafee.com

O1 - Hosts: 34.35.6.77 liveupdate.symantec.com

O1 - Hosts: 238.228.200.128 http://www.avp.com

O1 - Hosts: 112.140.41.107 http://www.viruslist.com

O1 - Hosts: 198.125.45.245 viruslist.com

O1 - Hosts: 77.35.187.116 http://www.symantec.com

O1 - Hosts: 107.55.189.180 downloads4.kaspersky-labs.com

O1 - Hosts: 192.131.131.72 downloads-us1.kaspersky-labs.com

O1 - Hosts: 53.51.233.139 customer.symantec.com

O1 - Hosts: 187.19.219.48 mcafee.com

O1 - Hosts: 209.106.36.46 viruslist.com

O1 - Hosts: 7.42.192.122 http://www.my-etrust.com

O1 - Hosts: 28.172.18.214 download.mcafee.com

O1 - Hosts: 128.84.169.161 updates.symantec.com

O1 - Hosts: 64.160.142.121 kaspersky.com

O1 - Hosts: 168.161.50.13 http://www.trendmicro.com

O1 - Hosts: 52.222.122.136 rads.mcafee.com

O1 - Hosts: 130.7.145.88 trendmicro.com

O1 - Hosts: 120.25.95.73 liveupdate.symantecliveupdate.com

O1 - Hosts: 187.201.231.50 http://www.mcafee.com

O1 - Hosts: 236.152.94.106 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 133.215.35.35 kaspersky-labs.com

O1 - Hosts: 87.79.180.138 http://www.networkassociates.com

O1 - Hosts: 195.15.171.207 us.mcafee.com

O1 - Hosts: 25.170.83.243 f-secure.com

O1 - Hosts: 212.166.165.61 networkassociates.com

O1 - Hosts: 37.183.66.124 secure.nai.com

O1 - Hosts: 103.111.123.131 downloads1.kaspersky-labs.com

O1 - Hosts: 151.22.209.127 downloads2.kaspersky-labs.com

O1 - Hosts: 246.188.124.38 downloads3.kaspersky-labs.com

O1 - Hosts: 92.228.212.220 avp.com

O1 - Hosts: 243.50.209.67 http://www.sophos.com

O1 - Hosts: 97.2.213.215 my-etrust.com

O1 - Hosts: 131.240.134.149 http://www.kaspersky.com

O1 - Hosts: 91.149.110.192 http://www.f-secure.com

O1 - Hosts: 198.7.159.72 dispatch.mcafee.com

O1 - Hosts: 24.237.159.109 update.symantec.com

O1 - Hosts: 185.57.66.149 nai.com

O1 - Hosts: 99.179.73.128 http://www.nai.com

O1 - Hosts: 155.23.237.58 sophos.com

O1 - Hosts: 121.93.163.135 http://www.ca.com

O1 - Hosts: 237.94.191.179 ca.com

O1 - Hosts: 205.136.123.119 mast.mcafee.com

O1 - Hosts: 252.170.142.49 liveupdate.symantec.com

O1 - Hosts: 165.229.135.72 http://www.avp.com

O1 - Hosts: 180.15.74.176 http://www.viruslist.com

O1 - Hosts: 84.13.210.193 viruslist.com

O1 - Hosts: 183.151.173.49 http://www.symantec.com

O1 - Hosts: 189.226.1.233 downloads4.kaspersky-labs.com

O1 - Hosts: 55.215.84.73 downloads-us1.kaspersky-labs.com

O1 - Hosts: 187.158.93.86 customer.symantec.com

O1 - Hosts: 86.129.124.234 mcafee.com

O1 - Hosts: 126.124.201.248 viruslist.com

O1 - Hosts: 27.254.182.85 http://www.my-etrust.com

O1 - Hosts: 135.181.190.184 download.mcafee.com

O1 - Hosts: 230.86.173.216 updates.symantec.com

O1 - Hosts: 37.208.91.216 kaspersky.com

O1 - Hosts: 130.93.2.100 http://www.trendmicro.com

O1 - Hosts: 137.63.129.53 rads.mcafee.com

O1 - Hosts: 188.67.47.232 trendmicro.com

O1 - Hosts: 112.73.11.75 liveupdate.symantecliveupdate.com

O1 - Hosts: 144.98.130.141 http://www.mcafee.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {B1297562-C6FB-9879-8AFF-EEABAA7403EF} - C:\WINDOWS\System32\sasa.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [CberSrv32] C:\WINDOWS\cbersrv.exe

O4 - HKLM\..\Run: [HahSrv32] C:\WINDOWS\hahsrv.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] SP2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

SORRY for the MESS :frowning:

Start >>> Run >>> msconfig >>> Startup >>> Uncheck:

nwiz

Then what did I go to all that effort for?? Did you do what I wrote???

Also delete:

O2 - BHO: (no name) - {B1297562-C6FB-9879-8AFF-EEABAA7403EF} - C:\WINDOWS\System32\sasa.dll (file missing)


O4 - HKLM\..\RunServices: [Microsoft Update Machine] SP2.exe

Find SP2.exe on the disk. Search among hidden files. Kill the process >>> Delete

See what I wrote earlier!!

WORM SPYBOT

super :d everything works! I ran the scans and cleaned things up. the log looks nice now. the only thing is I have a small problem with IEXPLORE.EXE :frowning: when Windows starts, Task Manager shows IEXPLORE.EXE 5 times and I can't get rid of it for the life of me… and it eats up my memory :confused: I know it depends on 2 files somewhere on the disk that can be deleted after ending the IEXPLORE.exe tasks… I delete them… and nothing. the same thing again when Windows starts :< what now?

:arrow: set

Don't browse porn sites and you won't have junk on your computer, or you'll have much less of it :oops: :oops: :oops: