How to remove this - ''Worm.Gaobot.305435.MX''

How do I remove this trojan :cry: (Worm.Gaobot.305435.MX) - please help :D
Thanks in advance

Replies: 20

You know what, now I have a problem with Gaobot MX, help!! I don't know whether I can remove it from within a second system (Win 2000)
freefly
Posted
30.12.2004 16:35:50
I have a request - could someone check the processes :D

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Niezbędnik\Programy i Kodeki\Internet\Inne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Badanie (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Skuzik
Posted
12.12.2004 00:13:02
McScr@by:
BTW, have you tried killing the process in safe mode?...

Or, for example, with tasklist and then taskkill
Type taskkill /? and look at the syntax
Bobi
Posted
09.12.2004 09:09:44
Skuzik, maybe try this tool first:

:arrow: http://securityresponse.symantec.com/avcenter/FxGaobot.exe

Remember to turn off System Restore.

BTW, have you tried killing the process in safe mode?
McScr@by
Posted
09.12.2004 02:27:13
I can't end this process :(
When I try to end it, it seems to terminate, but a second later it is in a different place in the list :(
Skuzik
Posted
09.12.2004 00:30:52
Some junk? Can't you see which one in Task Manager?

Remove everything with ns.exe
EL NINO
Posted
09.12.2004 00:23:45
Turn off System Restore
Kill the process:
ns.exe

Delete from the HDD:
ns.exe

Fix:
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\RunServices: [NS] ns.exe

Turn System Restore back on
Bobi
Posted
09.12.2004 00:23:23
Again some junk is taking 100% of my CPU, I don't know what to do any more :(

And here are the processes:
Please help!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MKS\Bin\mks_mail.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ns.exe
H:\Niezbędnik\Programy i Kodeki\Internet\Inne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Badanie (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Skuzik
Posted
09.12.2004 00:09:30
Thanks everyone for the trouble :!:
Skuzik
Posted
08.12.2004 16:38:53
You posted the HJT log, that's enough.
It's gone now.
McScr@by
Posted
08.12.2004 16:25:57
Now Avast no longer shows me the virus at system startup :) , and the processes look like this:
And I have one more question: what is best to scan with, to see whether it is definitely gone :roll: :?:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MKS\Bin\mks_mail.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Niezbędnik\Programy i Kodeki\Internet\Inne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Menu mks_vir.lnk = C:\Program Files\MKS\Bin\mks_menu.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Skuzik
Posted
08.12.2004 16:20:27
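
Both infections in this thread left the same trace in the O4 section: one value registered under both HKLM Run and RunServices, pointing at a bare file name. The added example below (not part of the thread; the function names and the flagging rule are assumptions drawn from these logs, not a Gaobot signature) flags that pattern and lists which autoruns disappeared between two logs.

```python
import re

# O4 lines excerpted from two logs in this thread (infected, then after the
# fix), written in HijackThis's native format with backslashes.
BEFORE = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Video Process] MSlti64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [name] command"; startup-folder O4 lines do not match.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_o4(log):
    """Map (value name, command) to the set of registry keys that hold it."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.setdefault((name, command), set()).add(f"{hive}\\{key}")
    return entries


def flag_autoruns(log):
    """Autoruns present in both HKLM Run and RunServices with no directory
    in the command (the pattern of the [NS] and [Video Process] entries)."""
    both = {"HKLM\\Run", "HKLM\\RunServices"}
    return sorted(entry for entry, keys in parse_o4(log).items()
                  if both <= keys and "\\" not in entry[1])


def removed_between(before, after):
    """Autoruns listed in the first log that are absent from the second."""
    return sorted(set(parse_o4(before)) - set(parse_o4(after)))


if __name__ == "__main__":
    print("flagged before:", flag_autoruns(BEFORE))
    print("flagged after: ", flag_autoruns(AFTER))
    print("removed:       ", removed_between(BEFORE, AFTER))
```

An empty result after the fix only shows that the autorun values are gone; the file on disk and the hosts file still need the separate checks described in the thread.
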
Skuzik:
And is it enough to remove these in HijackThis :?:
O4 - HKLM\..\Run: [Video Process] MSlti64.exe
O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe

First you turn off System Restore
Then you find these files on the disk and delete them (they may be hidden, so tell the system to show them)
Then you fix these entries in HJT, and now you can turn System Restore back on

Leave that localhost entry
Bobi
Posted
08.12.2004 15:53:40
I removed all of them (only this is left:
127.0.0.1 localhost

And is it enough to remove these in HijackThis :?:
O4 - HKLM\..\Run: [Video Process] MSlti64.exe
O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe
Skuzik
Posted
08.12.2004 15:47:25
You can also look at the HOSTS files (%System%\drivers\etc\HOSTS and %Windows%\hosts)
to see whether entries have been created in them:

If they are there, remove them.

You edit the hosts file in Notepad;
after removing anything, save the changes.
McScr@by
Posted
08.12.2004 15:27:05
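
The hosts-file check from the post above, as an added example that is not part of the thread: it lists every name other than localhost that a hosts file maps to a loopback address, and produces a cleaned copy. The sample file and its .example names are constructed placeholders, and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample hosts file; the .example names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 update.av-vendor.example   # constructed entry
127.0.0.1\twww.av-vendor.example liveupdate.av-vendor.example
192.0.2.10 fileserver.example
::1 localhost
not-an-address some.name
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def _entries(hosts_text):
    """Yield (line_no, address, names) for every well-formed hosts entry."""
    for no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP
        yield no, addr, fields[1:]


def _is_redirect(addr, name):
    """True when a non-local name is pointed at 127.0.0.0/8 or ::1."""
    return addr.is_loopback and name.lower().rstrip(".") not in LOCAL_NAMES


def loopback_redirects(hosts_text):
    """Return (line number, address, name) for each redirected name."""
    return [(no, str(addr), name.lower())
            for no, addr, names in _entries(hosts_text)
            for name in names if _is_redirect(addr, name)]


def cleaned(hosts_text):
    """Drop redirected names; keep comments, localhost and other lines."""
    rewritten = {}
    for no, addr, names in _entries(hosts_text):
        keep = [n for n in names if not _is_redirect(addr, n)]
        if len(keep) != len(names):
            rewritten[no] = f"{addr} {' '.join(keep)}" if keep else None
    out = []
    for no, raw in enumerate(hosts_text.splitlines(), 1):
        line = rewritten.get(no, raw)
        if line is not None:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in loopback_redirects(SAMPLE_HOSTS):
        print(finding)
    print(cleaned(SAMPLE_HOSTS), end="")
```

On a live machine, read the file at the path named in the post and pass its text to `loopback_redirects`; review the findings before writing the cleaned copy back, since some hosts files contain deliberate loopback entries.
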
Turn off System Restore, kill the process below in Task Manager and delete the file from the disk

O4 - HKLM\..\Run: [Video Process] MSlti64.exe
O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe
wins
Posted
08.12.2004 15:06:52
Here, I pasted it - please analyse :D

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MKS\Bin\mks_mail.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu-Gadu\gg.exe
H:\Niezbędnik\Programy i Kodeki\Internet\Inne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [Video Process] MSlti64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Menu mks_vir.lnk = C:\Program Files\MKS\Bin\mks_menu.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Skuzik
Posted
08.12.2004 14:46:58
You can remove it with, for example, this
http://pl.trendmicro-europe.com/consumer/products/housecall_launch.php
gery3
Posted
08.12.2004 02:08:39
Skuzik:
Can you write what that means :oops:

See the topic about HijackThis (HJT): http://www.centrumxp.pl/forum/viewtopic.php?t=19974
SLAY3R
Posted
07.12.2004 23:21:19
Can you write what that means :oops:
Skuzik
Posted
07.12.2004 23:17:24
Skuzik
Posted:
07.12.2004 21:24:45