I have a problem too !!!!!! Please help !!!!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 13:08:02, on 2006–02–26
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\kernels64.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\winstall.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcin.JANOSIK\Ustawienia lokalne\Temp\Katalog tymczasowy 3 dla hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Marcin.JANOSIK\Ustawienia lokalne\Temp\Katalog tymczasowy 5 dla hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Marcin.JANOSIK\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla hijackthis.zip\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 – Trusted Zone: *.gateone.ath.cx
O15 – Trusted Zone: *.loudcash.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O15 – Trusted Zone: *.loudcash.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O18 – Protocol: bw+0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw+0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwfile–8876480 – {9462A756–7B47–47BC–8C80–C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol–8876480.dll
O18 – Protocol: bwg0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwg0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: offline–8876480 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E–mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: BlueSoleil Hid Service – Unknown owner – D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe


Replies: 15

THANK YOU ALL VERY MUCH !!! :)
IT'S GREAT !!!!
REGARDS
WIERTŁO
Posted
05.03.2006 20:52:06
WIERTŁO:
Is it OK now ???:)


It's OK :D
Wiewia
Posted
04.03.2006 14:37:57
Is it OK now ???:)

Logfile of HijackThis v1.99.1
Scan saved at 13:28:59, on 2006–03–04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\ewido anti–malware\ewidoctrl.exe
D:\Program Files\ewido anti–malware\ewidoguard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp
D:\POBIERANIE\hijackthis.com

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [Personal Firewall] D:\Program Files\Lavasoft\Personal Firewall\lpfw.exe /waitservice
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O20 – AppInit_DLLs: D:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E–mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: BlueSoleil Hid Service – Unknown owner – D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 – Service: ewido security suite control – ewido networks – D:\Program Files\ewido anti–malware\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – D:\Program Files\ewido anti–malware\ewidoguard.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Lavasoft Personal Firewall Service (LavasoftFirewall) – Agnitum Ltd. – D:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
WIERTŁO
Posted
04.03.2006 14:31:13
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 – Protocol: bw+0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll


You have already been told about this. Uninstall Logitech's Desktop Messenger. I didn't want to paste all the O18 entries; remove all of them, and delete the folder marked in red from the disk manually.

As for the O15 entries, download and use KillTrusted 0.7
Wiewia
Posted
03.03.2006 20:29:13
Remove this one as well. O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
Under
Posted
03.03.2006 18:41:11
Please check whether the dangerous entries have been removed

Logfile of HijackThis v1.99.1
Scan saved at 16:13:28, on 2006–03–03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\ewido anti–malware\ewidoctrl.exe
D:\Program Files\ewido anti–malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\POBIERANIE\hijackthis.com

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [Personal Firewall] D:\Program Files\Lavasoft\Personal Firewall\lpfw.exe /waitservice
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 – Trusted Zone: *.gateone.ath.cx
O15 – Trusted Zone: *.loudcash.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O18 – Protocol: bw+0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw+0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwfile–8876480 – {9462A756–7B47–47BC–8C80–C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol–8876480.dll
O18 – Protocol: bwg0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwg0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0s – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: offline–8876480 – {F39029B9–F9DC–456F–8381–70C19A03882B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O20 – AppInit_DLLs: D:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E–mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: BlueSoleil Hid Service – Unknown owner – D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 – Service: ewido security suite control – ewido networks – D:\Program Files\ewido anti–malware\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – D:\Program Files\ewido anti–malware\ewidoguard.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Lavasoft Personal Firewall Service (LavasoftFirewall) – Agnitum Ltd. – D:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
WIERTŁO
Posted
03.03.2006 17:16:52
As for Task Manager, the info is in the pinned topics: http://forum.centrumxp.pl/viewtopic.php?t=29728#faq25 Go to "Task Manager has been disabled by the administrator".

C:\winstall.exe
C:\WINDOWS\System32\kernels64.exe

You can delete these in safe mode, and the entries in HijackThis.

After removing them, post a new log and we'll see what you removed and how.
Wiewia
Posted
02.03.2006 20:43:33
The Alt, Ctrl, Delete keys don't work either.
(Task Manager has been disabled by the administrator) I know how to fix this, but after restarting the system the message comes back.
WIERTŁO
Posted
02.03.2006 20:29:56
WIERTŁO:
Tell me how to remove this??? (normal mode)
C:\winstall.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O15 – Trusted Zone: *.loudcash.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
Kill the winstall.exe process in the process manager, tick the entries in HijackThis and press FIX...
Delete the winstall.exe file from the disk.
WIERTŁO:
How do I get rid of what's below? (I've never played with this)

O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe


Boot the system in safe mode with command prompt and type:

cd c:\WINDOWS\system32
del vxh8jkdq*.exe
rd /s /q "c:\Documents and Setting\Ustawienia lokalne\Temp"
The HijackThis entry as above. The file from the disk too.
The rest as Bobi mentioned: start the computer in safe mode with command prompt (press F6). Type exactly these commands, confirming each with Enter.
EL NINO
Posted
02.03.2006 01:22:45
Download, update and scan the computer with this: http://www.download.com/Ad–Aware–SE–Personal–Edition/3000–8022_4–10045910.html?part=dl–ad–aware&subj=dl&tag=top5
securite
Posted
02.03.2006 01:12:21
It's the AVG 7.1 antivirus.
Tell me how to remove this??? (normal mode)
C:\winstall.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O15 – Trusted Zone: *.loudcash.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)

I installed ewido anti-malware, and when the computer starts that red icon with a white cross is on the taskbar, and after about 2 minutes it disappears.
I don't know this program, so I haven't configured anything in it.

And here???
How do I get rid of what's below? (I've never played with this)

O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe


Boot the system in safe mode with command prompt and type:

cd c:\WINDOWS\system32
del vxh8jkdq*.exe
rd /s /q "c:\Documents and Setting\Ustawienia lokalne\Temp"
WIERTŁO
Posted
01.03.2006 22:21:27
Also remove:
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe


Boot the system in safe mode with command prompt and type:

cd c:\WINDOWS\system32
del vxh8jkdq*.exe
rd /s /q "c:\Documents and Setting\Ustawienia lokalne\Temp"

P.S. Logitech's Desktop Messenger is unnecessary.
Bobi
Posted
28.02.2006 22:39:12
WIERTŁO:
I'm asking for very detailed help, step by step. Write in simple words!!!!!!!!!!!!!!!! When the computer starts, two red balls with white crosses appear on the taskbar, and this message pops up from them:

Your computer is infected !
Windows has detected spyware infection !
It is recommended to use special antispyware tools to prevent
data loss.Windows will now download and install the most
up–to–date antispyware for you.
Clik here to protect your computer from spyware !

Meanwhile the antivirus detects the following files:

1.qtdfmp Trojan horse Downloader.Generic.QUS. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\1qtdfmp

5.qtdfmp Trojan horse Downloader.Generic.RQX. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\5qtdfmp

6.qtdfmp Trojan horse Downloader.Generic.QSB. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\6qtdfmp

7.qtdfmp Trojan horse Downloader.Generic.POO. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\7qtdfmp

These also appear on disk: c:\WINDOWS\system32\vxh8jkdq1.exe,
\vxh8jkdq5.exe,
\vxh8jkdq6.exe,
\vxh8jkdq7.exe.

I'M WAITING FOR A SOLUTION TO MY PROBLEM.
THANKS IN ADVANCE!


The search option doesn't bite.


Which antivirus??

Remove this first
C:\winstall.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O15 – Trusted Zone: *.loudcash.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)

As for the others, I can't help you.
Install ewido anti-malware; that should take care of it. :wink:
Under
Posted
28.02.2006 21:51:11
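Added example, not part of any post in this thread: a small Python parser for the HijackThis O4 (autorun) and O15 (Trusted Zone) lines that the replies single out, so those entries can be listed for review before anything is fixed. The function names are hypothetical, and the sample lines are copied from the log quoted in the thread.

```python
import re

# Lines copied from the HijackThis log quoted in this thread. The page shows
# the "-" separators as en dashes, so the parser accepts both characters.
SAMPLE_LOG = r"""
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.gateone.ath.cx (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
"""

SEP = r"\s+[-–]\s+"
ENTRY = re.compile(r"^([ORFN]\d+)" + SEP + r"(.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
ZONE = re.compile(r"^Trusted Zone: (\S+)(?: \((HKLM)\))?$")

def parse(log):
    """Return (autoruns, trusted_zones) built from O4 and O15 lines."""
    autoruns, zones = [], {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "O4" and (r := RUN.match(rest)):
            hive, key, name, cmd = r.groups()
            autoruns.append({"hive": hive, "key": key, "name": name, "command": cmd})
        elif code == "O15" and (z := ZONE.match(rest)):
            # Assumption: entries without the "(HKLM)" suffix come from the
            # per-user zone map, so they are recorded as HKCU here.
            zones.setdefault(z.group(1), set()).add(z.group(2) or "HKCU")
    return autoruns, zones

def checklist(log):
    """One line per entry, for a person to review before fixing anything."""
    autoruns, zones = parse(log)
    out = [f"autorun {a['hive']} {a['key']} [{a['name']}] -> {a['command']}"
           for a in autoruns]
    out += [f"trusted zone {d} ({'+'.join(sorted(h))})" for d, h in sorted(zones.items())]
    return out
```

Grouping the zones by domain shows when the same domain is whitelisted both per user and machine-wide, in which case both entries have to be removed.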
I'm asking for very detailed help, step by step. Write in simple words!!!!!!!!!!!!!!!! When the computer starts, two red balls with white crosses appear on the taskbar, and this message pops up from them:

Your computer is infected !
Windows has detected spyware infection !
It is recommended to use special antispyware tools to prevent
data loss.Windows will now download and install the most
up–to–date antispyware for you.
Clik here to protect your computer from spyware !

Meanwhile the antivirus detects the following files:

1.qtdfmp Trojan horse Downloader.Generic.QUS. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\1qtdfmp

5.qtdfmp Trojan horse Downloader.Generic.RQX. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\5qtdfmp

6.qtdfmp Trojan horse Downloader.Generic.QSB. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\6qtdfmp

7.qtdfmp Trojan horse Downloader.Generic.POO. It is on disk at c:\Documents and Setting\Ustawienia lokalne\Temp\7qtdfmp

These also appear on disk: c:\WINDOWS\system32\vxh8jkdq1.exe,
\vxh8jkdq5.exe,
\vxh8jkdq6.exe,
\vxh8jkdq7.exe.

I'M WAITING FOR A SOLUTION TO MY PROBLEM.
THANKS IN ADVANCE!
WIERTŁO
Posted
27.02.2006 19:52:37
Say what???
You posted a log, and what are we supposed to do with it?????
Under
Posted
27.02.2006 17:55:42
WIERTŁO
Posted:
26.02.2006 14:30:08
Comments:
15