hijack – what to remove?

Hello.
Please help, because I don't know what to get rid of.
In Settings -> cmd -> netstat I have a huge number of connections. Scanning with Ad-Aware and Panda didn't help. Here is my log:
Logfile of HijackThis v1.98.0
Scan saved at 16:24:41, on 2004–07–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumFirewallPavFires.exe
C:Program FilesPanda SoftwarePanda Antivirus Platinumpavsrv51.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32windowssvc.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAVENGINE.EXE
C:WINDOWSSystem32wininiz.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE
C:WINDOWSSystem32scvhost.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:Program FilesGetRightgetright.exe
C:Program FilesGetRightgetright.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumpavProxy.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32snlogsvc.exe
C:DownloadshijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [Microsoft Update Machine] wininiz.exe
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [SCANINICIO] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [Microsoft Update] snlogsvc.exe
O4 – HKLM..Run: [regsrv] scvhost.exe
O4 – HKLM..RunServices: [Microsoft Update Machine] wininiz.exe
O4 – HKLM..RunServices: [Microsoft Update] snlogsvc.exe
O4 – HKLM..RunServices: [regsrv] scvhost.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Microsoft Update Machine] wininiz.exe
O4 – HKCU..Run: [Microsoft Update] snlogsvc.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:Program FilesGetRightgetright.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O16 – DPF: ppctlcab – http://www.pestscan.com/scanner/ppctlcab.cab
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O16 – DPF: {2A32B14F–4D29–4EA3–AC54–E9B19F436CE7} (Scanner Class) – http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 – DPF: {2FC9A21E–2069–4E47–8235–36318989DB13} (PPSDKActiveXScanner.MainScreen) – http://www.pestscan.com/scanner/axscanner.cab
O17 – HKLMSystemCCSServicesTcpip..{CBB9CC6F–A6BB–470A–80EA–15174119464B}: NameServer = 194.204.152.34 217.98.63.164
O21 – SSODL: Web Event Logger – {79FEACFF–FFCE–815E–A900–316290B5B738} – C:WINDOWSSystem32Cfjcmnnl.dll (file missing)

Replies: 20

Most important:
update13.js
wuamgrd.exe – WORM_AGOBOT
avserve2.exe – sasser

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3042
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchcentral.cc/index.php?v=4&aff=3042
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://searchcentral.cc/index.php?v=4&aff=3042
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = about:blank
O4 – HKLM..Run: [Microsoft Update] wuamgrd.exe
O4 – HKLM..Run: [avserve2.exe] C:WINDOWSavserve2.exe
O4 – HKLM..RunServices: [Microsoft Update] wuamgrd.exe
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O4 – HKCU..Run: [Microsoft Update] wuamgrd.exe
EL NINO
Posted
19.09.2004 18:31:30
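
Added example, not part of the thread: a Python triage pass over HijackThis O4 autostart lines, using three heuristics that match entries flagged in this thread (the same name and file registered under several Run keys, a script started from a Run key, a file name one typo away from a Windows system process). The heuristics, the 0.85 threshold and the function names are assumptions of this example; the sample lines are constructed from entries in the thread's logs.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample: O4 entries that appear in this thread's logs, written in
# HijackThis's usual "O4 - HKLM\..\Run: [name] command" form (the backslashes
# are missing from the logs as they appear on this page).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\dslmon.exe
"""

# Accept "-" or a typographic dash, and registry keys with or without backslashes.
O4_RE = re.compile(r"^O4\s+[-–]\s+(HK[A-Z]+)\\?\.\.\\?(\w+):\s+\[(.+?)\]\s+(.+)$")
# First file name in the command (quotes and arguments are dropped).
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|js|vbs|bat|cmd))(?![\w.])', re.I)

SCRIPT_EXT = (".js", ".vbs", ".bat", ".cmd")
# System process names that appear in the "Running processes" lists on this page.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "spoolsv.exe", "smss.exe")
LOOKALIKE_THRESHOLD = 0.85  # assumption: tuned so that scvhost.exe ~ svchost.exe


def parse_o4(log_text):
    """Return (location, value_name, image) for every registry O4 line.

    Startup-folder lines ("O4 - Global Startup: ...") use another layout
    and are skipped here.
    """
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        im = IMAGE_RE.match(command)
        image = im.group(1) if im else command.split()[0]
        entries.append((hive + "\\" + key, name, image))
    return entries


def basename(image):
    """Lower-cased file name; needs intact backslashes to strip the directory."""
    return re.split(r"[\\/]", image)[-1].lower()


def triage(log_text):
    """Map file name -> sorted list of heuristic hits (empty hits are omitted)."""
    entries = parse_o4(log_text)

    # Which autostart locations carry the same (value name, file) pair?
    locations = defaultdict(set)
    for loc, name, image in entries:
        locations[(name.lower(), basename(image))].add(loc)

    findings = defaultdict(set)
    for loc, name, image in entries:
        base = basename(image)
        if len(locations[(name.lower(), base)]) >= 2:
            findings[base].add("multi-location")
        if base.endswith(SCRIPT_EXT):
            findings[base].add("script")
        for sysname in SYSTEM_NAMES:
            ratio = SequenceMatcher(None, base, sysname).ratio()
            if base != sysname and ratio >= LOOKALIKE_THRESHOLD:
                findings[base].add("lookalike:" + sysname)
    return {base: sorted(hits) for base, hits in findings.items()}


if __name__ == "__main__":
    for base, hits in triage(SAMPLE_LOG).items():
        print(base, hits)
```

`avserve2.exe`, which the reply above identifies as Sasser, passes all three heuristics, so a hit list like this narrows the search but does not replace looking each file name up.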
Thanks in advance


Logfile of HijackThis v1.98.1
Scan saved at 15:16:16, on 2004–09–19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTsvcCDA.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ONELABSvsmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesLogitechiTouchiTouch.exe
C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
C:WINDOWSSystem32wuamgrd.exe
C:WINDOWSavserve2.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesCreativeTaskBarCTLTray.exe
C:Program FilesCreativeTaskBarCTLTask.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMicrosoft OfficeOfficeWINWORD.EXE
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe
D:hujhijackthisHijackThis.exe
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe
C:WINDOWSavserve2.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3042
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchcentral.cc/index.php?v=4&aff=3042
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://searchcentral.cc/index.php?v=4&aff=3042
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O4 – HKLM..Run: [AtiPTA] atiptaxx.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSBAudigyProgramCTEaxSpl.EXE /run
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBAudigyPROGRAMADGJDet.exe
O4 – HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [zBrowser Launcher] C:Program FilesLogitechiTouchiTouch.exe
O4 – HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 – HKLM..Run: [CloneCDTray] "C:Program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 – HKLM..Run: [SpybotSnD] "C:Program FilesSpybot – Search & DestroySpybotSD.exe" /autofix
O4 – HKLM..Run: [Zone Labs Client] C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
O4 – HKLM..Run: [Microsoft Update] wuamgrd.exe
O4 – HKLM..Run: [avserve2.exe] C:WINDOWSavserve2.exe
O4 – HKLM..RunServices: [Microsoft Update] wuamgrd.exe
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [TaskTray] "C:Program FilesCreativeTaskBarCTLTray.exe"
O4 – HKCU..Run: [TaskBar] "C:Program FilesCreativeTaskBarCTLTask.exe"
O4 – HKCU..Run: [LDM] C:Program FilesDesktop Messenger8876480ProgramBackWeb–8876480.exe
O4 – HKCU..Run: [Yahoo! Pager] C:Program FilesYahoo!Messengerypager.exe –quiet
O4 – HKCU..Run: [Microsoft Update] wuamgrd.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: Download with Internet TOOLS – C:PROGRA~1marbit oolsMBdownload.htm
O16 – DPF: {09C038B0–197F–42CF–BAD2–C387C52DD607} (CSOUSales.DataReader) – file://E:CSOUinstallCSOUSales.CAB
O16 – DPF: {5DD1E362–A75D–4990–83CD–95AFB224A8A4} (CSOUAdmin.SmartCollectConvert) – file://E:CSOUinstallCSOUAdmin.CAB
O16 – DPF: {611E065A–3391–4EE5–85C7–1F56719D0F58} (FIATCOMMON2.logoff) – file://E:CSOUinstallFIATCOMMON2.CAB
O17 – HKLMSystemCCSServicesTcpip..{5416E8B7–596B–4375–A123–77E42B768777}: NameServer = 194.204.152.34 217.98.63.164
Seboll
Posted
19.09.2004 17:19:01
sbanasiak :

:arrow: http://www.centrumxp.pl/forum/viewtopic.php?t=19661

One thread would have been enough :) .
McScr@by
Posted
15.08.2004 12:36:57
Logfile of HijackThis v1.98.2
Scan saved at 16:00:06, on 2004–08–14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32Ati2evxx.exe
C:Program FilesNavNTdefwatch.exe
C:Program FilesNavNT tvscan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32usrbridg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32atiptaxx.exe
C:Program FilesDellAccessDirectdadapp.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
C:WINDOWSSystem32pctspk.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnf.exe
C:Program FilesHewlett–PackardDigital ImagingUnloadhpqcmon.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesNavNTvptray.exe
C:WINDOWSSystem32 undll32.exe
C:WINDOWSNCLAUNCH.EXe
C:Program FilesMicrosoft Office97OfficeOSA.EXE
C:Program FilesDellAccessDirectDadTray.exe
C:Documents and Settingssbanasiak.PZUMoje dokumentyHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com/
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.cen.pzu.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.euro.dell.com/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = nov
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 10.0.19.30:80
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *pzu.pl; 10*;
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: TwaintecObj Class – {000020DD–C72E–4113–AF77–DD56626C6C42} – C:WINDOWS waintec.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {56CD20F0–7C09–11D5–A768–0050042307CE} – (no file)
O2 – BHO: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – (no file)
O2 – BHO: (no name) – {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – (no file)
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar1.dll
O4 – HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 – HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM..Run: [AtiPTA] atiptaxx.exe
O4 – HKLM..Run: [DadApp] C:Program FilesDellAccessDirectdadapp.exe
O4 – HKLM..Run: [Share–to–Web Namespace Daemon] C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
O4 – HKLM..Run: [PCTVOICE] pctspk.exe
O4 – HKLM..Run: [CamMonitor] C:Program FilesHewlett–PackardDigital Imaging\Unloadhpqcmon.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [WinGuard Pro] C:WINDOWSSystem32lockctrl.exe C:WINDOWSSystem32wgp.exe
O4 – HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKCU..Run: [NCLaunch] C:WINDOWSNCLAUNCH.EXe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft Office97OfficeOSA.EXE
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Pobierz uźywając Download &Express'a – C:Documents and Settingssbanasiak.PZUMoje dokumentydodatkiAdd_Url.htm
O8 – Extra context menu item: Si&milar Pages – res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 – HKLMSystemCCSServicesTcpipParameters: Domain = pzu.pl
O17 – HKLMSoftware..Telephony: DomainName = pzu.pl
sbanasiak
Posted
14.08.2004 18:05:01
What do you say we pin this topic and slightly modify its name,
so that a new one doesn't have to be started every time?
Bobi
Posted
03.08.2004 19:43:50
A few trojans,
adware and spyware:

Fix:
C:WINDOWSSystem32videon_32.exe
C:Program FilesISTsvcistsvc.exe
C:Program FilesInternet Optimizeroptimize.exe.
C:program files180solutionsmsbb.exe
C:Program FilesInternet Optimizeractalert.exe
C:WINDOWSSystem32wktbgl.exe
C:WINDOWS st.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=138815
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=138815
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWSnem219.dll
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:Program FilesISTbaristbar.dll
O4 – HKLM..Run: [Microsoft Update Client] videon_32.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [msbb] c:program files180solutionsmsbb.exe
O4 – HKLM..Run: [bvbeutmmru] C:WINDOWSSystem32wktbgl.exe
O4 – HKLM..Run: [tst] C:WINDOWS st.exe
O4 – HKLM..RunServices: [Microsoft Update Client] videon_32.exe
O4 – HKCU..Run: [Microsoft Update Client] videon_32.exe
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSwebrelated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng/common/AXWebMonProj1.cab
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {611E065A–3391–4EE5–85C7–1F56719D0F58} (FIATCOMMON2.logoff) – https://csou.fiatubezpieczenia.pl/fiathtmlcommon/components/FIATCOMMON2.CAB
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {E855A2D4–987E–4F3B–A51C–64D10A7E2479} (EPSImageControl Class) – http://tools.ebayimg.com/eps/activex/EPSControl_v1–0–3–0.cab
O18 – Filter: text/html – {4CB7E063–28EC–4AED–B894–DC3EB537B5C4} – C:Documents and SettingsssUstawienia lokalneDane aplikacjimicrosoftinternet explorerV0.15.dat


End the processes, search for (with hidden files included) and delete:

videon_32.exe
istsvc.exe
optimize.exe.
actalert.exe
wktbgl.exe
tst.exe
nem219.dll
istbar.dll
sidefind.dll
V0.15.dat

and stop wandering around XXX sites if you can't clean up your own mess.
McScr@by
Posted
03.08.2004 11:57:00
Hi
My computer has been acting up lately. Below is my HijackThis log. Tell me what I should remove.
Regards

Logfile of HijackThis v1.98.1
Scan saved at 20:51:58, on 2004–08–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTsvcCDA.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesLogitechiTouchiTouch.exe
C:WINDOWSSystem32videon_32.exe
C:Program FilesISTsvcistsvc.exe
C:Program FilesInternet Optimizeroptimize.exe
C:program files180solutionsmsbb.exe
C:Program FilesInternet Optimizeractalert.exe
C:WINDOWSSystem32wktbgl.exe
C:WINDOWS st.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesCreativeTaskBarCTLTray.exe
C:Program FilesCreativeTaskBarCTLTask.exe
C:Program FilesDesktop Messenger8876480ProgramBackWeb–8876480.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
D:hujhijackthisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=138815
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=138815
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em219.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:Program FilesISTbaristbar.dll
O4 – HKLM..Run: [AtiPTA] atiptaxx.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSBAudigyProgramCTEaxSpl.EXE /run
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBAudigyPROGRAMADGJDet.exe
O4 – HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [zBrowser Launcher] C:Program FilesLogitechiTouchiTouch.exe
O4 – HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 – HKLM..Run: [CloneCDTray] "C:Program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 – HKLM..Run: [Microsoft Update Client] videon_32.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [msbb] c:program files180solutionsmsbb.exe
O4 – HKLM..Run: [bvbeutmmru] C:WINDOWSSystem32wktbgl.exe
O4 – HKLM..Run: [tst] C:WINDOWS st.exe
O4 – HKLM..RunServices: [Microsoft Update Client] videon_32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [TaskTray] "C:Program FilesCreativeTaskBarCTLTray.exe"
O4 – HKCU..Run: [TaskBar] "C:Program FilesCreativeTaskBarCTLTask.exe"
O4 – HKCU..Run: [LDM] C:Program FilesDesktop Messenger8876480ProgramBackWeb–8876480.exe
O4 – HKCU..Run: [Yahoo! Pager] C:Program FilesYahoo!Messengerypager.exe –quiet
O4 – HKCU..Run: [Microsoft Update Client] videon_32.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesDesktop Messenger8876480ProgramLDMConf.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: Download with Internet TOOLS – C:PROGRA~1marbit oolsMBdownload.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng/common/AXWebMonProj1.cab
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {611E065A–3391–4EE5–85C7–1F56719D0F58} (FIATCOMMON2.logoff) – https://csou.fiatubezpieczenia.pl/fiathtmlcommon/components/FIATCOMMON2.CAB
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {E855A2D4–987E–4F3B–A51C–64D10A7E2479} (EPSImageControl Class) – http://tools.ebayimg.com/eps/activex/EPSControl_v1–0–3–0.cab
O18 – Filter: text/html – {4CB7E063–28EC–4AED–B894–DC3EB537B5C4} – C:Documents and SettingsssUstawienia lokalneDane aplikacjimicrosoftinternet explorerV0.15.dat
Seboll
Posted
02.08.2004 23:07:42
Mtech:
what protects best against trojans, because I have problems with them non-stop.
Using your head while surfing the Internet, especially on the very frequently visited XXX sites or sites with cracks.
To be honest, there is no 100% effective program, because each one has some gap or doesn't protect against everything. You'll find an overview of useful programs in this section, in the pinned topic about the start page.
Mtech:
where to get the information / from which sites / which ones are legitimate and which are not
As I already wrote above, any search engine will help you. From the search engines on Polish portals such as onet.pl and wp.pl, through Google.com and Search.com, to Lycos.com. Besides that, there are plenty of sites with information about files, viruses and trojans.
E.g. http://www.liutilities.com/products/wintaskspro/processlibrary/
http://www.neuber.com/taskmanager/process/index.html
http://www.reger24.de/prozesse/
http://www.viruslibrary.com/
EL NINO
Posted
31.07.2004 17:53:15
Many thanks, I'll get down to removing the junk right away, but there's still one more thing: about removing the junk you listed, where to get the information / from which sites / which entries are legitimate and which are not and should be removed.
I hope it's not a secret and the master will lift the veil a little.
In the future I wouldn't want to bother anyone if the situation repeats itself, but rather fix it on my own; after all, one has to deepen one's knowledge.
Oh, and one more request for advice: what protects best against trojans, because I have problems with them non-stop.
Mtech
Posted
31.07.2004 15:13:08
Remove:
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ww/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = about:blank
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: UserInit=C:WindowsSystem32wsaupdater.exe,
O2 – BHO: (no name) – {021BB032–80A8–4FB6–B3D5–CF27B1553B95} – (no file)
O2 – BHO: (no name) – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho13.dll
O2 – BHO: OsbornTech Popup Blocker – {FF1BF4C7–4E08–4A28–A43F–9D60A9F7A880} – (no file)
O3 – Toolbar: (no name) – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – (no file)
O4 – HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE
O4 – HKLM..Run: [WindUpdates] C:Program FilesWindUpdatesWinUpdt.exe
O10 – Broken Internet access because of LSP provider 'imon.dll' missing
O15 – Trusted Zone: *.mt–download.com
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1019_EN_XP.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} – http://www.advnt01.com/dialer/russia.CAB
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {DB893839–10F0–4AF9–92FA–B23528F530AF} – http://deposito.hostance.net/dialer/1014021.exe
Of course, also search for the files found here, both on disk and in the registry, and delete them.

How to search? Any search engine will help.
EL NINO
Posted
30.07.2004 21:00:23
Hello, I won't make a mess by starting yet another topic, because I have the same problem as the thread starter, and I also have a second question: I would like to remove junk on my own using HijackThis, but I don't know where to look for information on what to remove and what not. Many thanks for that information.

This is my log:

C:Program FilesEset od32krn.exe
C:WINDOWSSystem32 vsvc32.exe
C:PROGRA~1NORTON~1NORTON~3SPEEDD~1NOPDB.EXE
C:TotalCmdTOTALCMD.EXE
C:Program FilesMaxthonMaxthon.exe
F:ProgramyAntywirusySpywareHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE
F:ProgramyAntywirusySpywareHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ww/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: UserInit=C:WindowsSystem32wsaupdater.exe,
O2 – BHO: (no name) – {021BB032–80A8–4FB6–B3D5–CF27B1553B95} – (no file)
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {49E0E0F0–5C30–11D4–945D–000000000003} – C:PROGRA~1AshampooASHAMP~1PopUp.dll
O2 – BHO: (no name) – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho13.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: (no name) – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar1.dll
O2 – BHO: OsbornTech Popup Blocker – {FF1BF4C7–4E08–4A28–A43F–9D60A9F7A880} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: (no name) – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – (no file)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar1.dll
O3 – Toolbar: daseek – {AB3D6DEA–3C94–4726–91CC–C0759517FED2} – C:WINDOWSDownloaded Program Filesdaseek.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE
O4 – HKLM..Run: [WindUpdates] C:Program FilesWindUpdatesWinUpdt.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: &Google Search – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Si&milar Pages – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O8 – Extra context menu item: Translate into English – res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra button: SideFind (HKLM)
O9 – Extra button: daseek (HKLM)
O9 – Extra 'Tools' menuitem: daseek (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 – Broken Internet access because of LSP provider 'imon.dll' missing
O15 – Trusted Zone: *.mt–download.com
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1019_EN_XP.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e 3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} – http://www.advnt01.com/dialer/russia.CAB
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.es/activescan/as/asinst.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38165.3794328704
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {AB3D6DEA–3C94–4726–91CC–C0759517FED2} (daseek) – http://torrent.org.pl/popup/bar/daseek.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DB893839–10F0–4AF9–92FA–B23528F530AF} – http://deposito.hostance.net/dialer/1014021.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{2FD90E83–C802–4BFB–B28C–FE9548C875FE}: NameServer = 195.114.161.2,195.114.181.130
O17 – HKLMSystemCS1ServicesTcpip..{2FD90E83–C802–4BFB–B28C–FE9548C875FE}: NameServer = 195.114.161.2,195.114.181.130
O17 – HKLMSystemCS2ServicesTcpip..{2FD90E83–C802–4BFB–B28C–FE9548C875FE}: NameServer = 195.114.161.2,195.114.181.130
Mtech
Posted
30.07.2004 20:05:40
yeah, malaria and smallpox are rampant around here ;))
but seriously, I'm a little nuts about this (though I think I'm only overdoing it a bit), well, I can't help it =)
THC
Posted
30.07.2004 01:38:52
Your computer, your business. Install as many of these programs as you like.

P.S. Is everyone in your area so threatened by viruses? Because I already know one such person :wink: .
EL NINO
Posted
30.07.2004 00:10:58
EL NINO:
Everything is OK. Is something going on? Or are you just asking?

P.S. A small question: why do you need two antivirus programs?

hehe, just asking :> (better to prevent than to cure), I'm simply nuts about keeping the system in good shape ;) (spybot adaware cwshreder spyware blaster etc.... :D)
As for the antivirus programs, when I was buying the computer (less than half a year ago) I got mks, I bought it, but I came across opinions that it isn't the best, so I searched the net for a good free one and settled on avast :). In your opinion, are 2 unnecessary (and is it a case of: if it doesn't help, at least it doesn't hurt)?
thx for the reply.
THC
Posted
29.07.2004 20:49:18
THC:
... which processes are unnecessary and which entries I should remove
Everything is OK. Is something going on? Or are you just asking?

P.S. A small question: why do you need two antivirus programs?
EL NINO
Posted
29.07.2004 16:19:16
Hello, I won't clutter the forum by starting another thread, because my question is identical to the thread starter's. Here is my log:

Logfile of HijackThis v1.98.0
Scan saved at 07:31:01, on 2004–07–29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesMKSBinmks_menu.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32 vsvc32.exe
C:PROGRA~1AgnitumOUTPOS~1.0outpost.exe
C:Program FilesMKSBinmks_scan.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackThishijackthis1980.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [Outpost Firewall] C:PROGRA~1AgnitumOUTPOS~1.0outpost.exe /waitservice
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O17 – HKLMSystemCCSServicesTcpip..{E41C3893–2186–4F7D–9950–E143763D0D5E}: NameServer = 212.244.82.66 195.117.35.16


I'd be very grateful if someone (EL NINO, I see you know your way around this ;), could you tell me?) found a moment and told me which processes are unnecessary and which entries I should remove, because I don't know much about this. Thx in advance.
/edit: oh, I just remembered, I'd also like to ask right away how, besides removing it from within HijackThis, to remove it from the registry and the disk, because you know, I'm such a computer lamer :–)
THC
Posted
29.07.2004 09:35:56
Many thanks!
safol
Posted
27.07.2004 19:55:05
Of course, besides removing them in HJ, also remove them manually from the disk and from the registry. It will certainly work in safe mode.
C:WINDOWSSystem32windowssvc.exe
C:WINDOWSSystem32wininiz.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:WINDOWSSystem32scvhost.exe
C:WINDOWSSystem32snlogsvc.exe
O4 – HKLM..Run: [Microsoft Update Machine] wininiz.exe
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [Microsoft Update] snlogsvc.exe
O4 – HKLM..Run: [regsrv] scvhost.exe
O4 – HKLM..RunServices: [Microsoft Update Machine] wininiz.exe
O4 – HKLM..RunServices: [Microsoft Update] snlogsvc.exe
O4 – HKLM..RunServices: [regsrv] scvhost.exe
O4 – HKCU..Run: [Microsoft Update Machine] wininiz.exe
O4 – HKCU..Run: [Microsoft Update] snlogsvc.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O21 – SSODL: Web Event Logger – {79FEACFF–FFCE–815E–A900–316290B5B738} – C:WINDOWSSystem32Cfjcmnnl.dll (file missing)
EL NINO
Posted
27.07.2004 19:33:57
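Two patterns recur in the entries EL NINO lists for removal: autostart values whose file name is a near-miss of a genuine Windows process name (scvhost.exe against svchost.exe) and entries whose file is gone ("(file missing)", "(no file)"). The following is an added example, not part of the thread or of HijackThis itself: a Python triage pass over log lines that flags both patterns. The reference name list, the edit-distance threshold of 2 and the sample log are assumptions constructed for this illustration.

```python
import re

# Reference set of genuine Windows XP process names (an assumption of this example).
SYSTEM_NAMES = ("svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe")
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-–]\s+(.+)$")  # hyphen or en dash separator
O4 = re.compile(r"^(.+?):\s+\[(.+?)\]\s+(.+)$")         # key: [value name] command
EXE = re.compile(r"([^\\/\"\s]+\.exe)", re.I)           # first executable file name

def edit_distance(a, b):
    """Levenshtein distance with two rows of dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(exe):
    """Return the system name that exe nearly (but not exactly) matches, or None."""
    return next((r for r in SYSTEM_NAMES if 0 < edit_distance(exe.lower(), r) <= 2), None)

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header and "Running processes" lines carry no section code
        section, body = m.groups()
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((section, "orphaned", body))
        o4 = O4.match(body) if section == "O4" else None
        exe = EXE.search(o4.group(3)) if o4 else None
        real = lookalike(exe.group(1)) if exe else None
        if real:
            findings.append((section, "lookalike of " + real, o4.group(2)))
    return findings

# Constructed sample in HijackThis format; entry names are taken from the thread.
SAMPLE = r"""C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O4 – HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Cfjcmnnl.dll (file missing)"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A hit is a prompt for manual review of the file and its registry value, not a verdict; an orphaned entry may simply be left over from an uninstalled program.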
safol
Posted:
27.07.2004 19:15:03