Jesli wiesz co, to usuwaj
Wykonaj przed tym kopie rejestru zebys potem nie obudził sie z reka w nocniku jak za duzo pousuwasz :mrgreen:

Nie ma sprawy

rozumiem, źe wszelkie ślady po tych plikach mam teź usunąć z rejestru? bo jest tego trochę...
jeszcze raz dzięks

videosd32.exe >> W32/Forbot, WORM_SDBOT ??
winitr32.exe >> WOOTBOT.B
+ Search Toolbar

Z programow to: Antywirus (ile uzytkownikow tyle roznych opinii), SpyBot, Ad–awere
I wiele wiele....

wielkie wielkie dzięki, mam nadzieję źe będzie działać; a co to za dziadostwo było? w międzyczasie zainstalowałem Spyware Doctora od kolegi i toto wynalazło mi 17 róźnych śmieciuchów i wywaliło; czy jest jakiś fajny, najlepiej freewar'eowy programik, źeby się zabezpieczać przed takim badziewiem?

Wylacz przywracanie

Usun:
C:WINDOWSSystem32 oolbar.dll
videosd32.exe
winitr32.exe >> poszukaj jesli nie bedzie to ok

FIX:

R3 – URLSearchHook: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O2 – BHO: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O3 – Toolbar: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O4 – HKLM..RunServices: [Win32 Configuration] videosd32.exe
O8 – Extra context menu item: &iSearch The Web – res://C:WINDOWSSystem32 oolbar.dll/SEARCH.HTML
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {1C78AB3F–A857–482E–80C0–3A1E5238A565} (iSearch Toolbar) – http://toolbar.isearch.com/general/drm.cab
O23 – Service: Win32 Wmls Driver – Unknown – C:WINDOWSSystem32winitr32.exe (file missing)
O23 – Service: Win32 Configuration – Unknown – C:WINDOWSSystem32videosd32.exe (file missing)

ok, to log z HJT:

Logfile of HijackThis v1.99.0
Scan saved at 21:17:55, on 2005–01–24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:Program FilesExecutive SoftwareDiskeeperDkService.exe
D:Program FilesNorton AntiVirus avapsvc.exe
D:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSSystem32 vsvc32.exe
D:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSExplorer.EXE
D:Program FilesNorton AntiVirusSAVScan.exe
C:WINDOWSSYSTEM32USRmlnkA.exe
C:WINDOWSSystem32CTHELPER.EXE
C:WINDOWSSYSTEM32USRshutA.exe
C:WINDOWSSYSTEM32USRmlnkA.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1 askbaricon.exe
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
D:Program FilesCyberLinkPowerDVDPDVDServ.exe
D:Program FilesNetLimiterNetLimiter.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:UtilitieshijackthisHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.agro–info.org.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
R3 – URLSearchHook: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: iSearch Toolbar – {1C78AB3F–A857–482e–80C0–3A1E5238A565} – (no file)
O4 – HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe–USRpdA
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "d:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [Advanced Tools Check] D:PROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 – HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 – HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1 askbaricon.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched.exe" –osboot
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [Outpost Firewall] D:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe /waitservice
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [RemoteControl] "d:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [NetLimiter] d:Program FilesNetLimiterNetLimiter.exe /s
O4 – HKLM..RunServices: [Win32 Configuration] videosd32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [RegClean Expert Scheduler] "d:Program FilesRegistry Clean ExpertRegCleanExpert.exe" /startup
O4 – Global Startup: Microsoft Office.lnk = D:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: &iSearch The Web – res://C:WINDOWSSystem32 oolbar.dll/SEARCH.HTML
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {1C78AB3F–A857–482E–80C0–3A1E5238A565} (iSearch Toolbar) – http://toolbar.isearch.com/general/drm.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/3/mailcfg.ocx
O16 – DPF: {56336BCB–3D8A–11D6–A00B–0050DA18DE71} (RdxIE Class) – http://software–dl.real.com/18c09372193482fdaf05/netzip/RdxIE601.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{DAF43DD1–8A54–45F5–B0EE–8614E28ED040}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Creative Service for CDROM Access – Unknown – C:WINDOWSsystem32Ctsvccda.exe (file missing)
O23 – Service: Diskeeper – Executive Software International, Inc. – D:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 – Service: Win32 Wmls Driver – Unknown – C:WINDOWSSystem32winitr32.exe (file missing)
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – D:Program FilesNorton AntiVirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – D:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 – Service: NVIDIA Driver Helper Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Outpost Firewall Service – Agnitum – D:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
O23 – Service: SAVScan – Symantec Corporation – D:Program FilesNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 – Service: Win32 Configuration – Unknown – C:WINDOWSSystem32videosd32.exe (file missing)

ok, wielkie dzięki, na pewno jeszcze odezwę się jak toto zainstaluję

HJT – hijackthis – w przyklejonym temacie jest opis skąd pobrać i jak uźyć – sięgnij tam proszę.
Potem log albo sam sprawdź na stronie programu, albo wklej tu do analizy – sprawdzenai co to za "bydle" się zagnieździło.

ufff... teraz korzystam z kompa w pracy, on jest clean; poza tym jestem totalnym lamuchem i nie mam pojęcia co to HJT ani BSOD; restartów nie urządza, a tylko wylogowuje

A moźe skorzystaj z HJT i wklej loga, bo tak to tylko gdybanie.
Nadto czy to jest wylogowanie czy restart?
Jezlei restart to wymuś BSOD–a – opisy w archiwum i sprawdź sygnaturę błędu.