proszę o sprawdzenie loga

**Posty:** 241 · przez **pucus** 17 Maj 2006, 12:24

Cześć, Proszę o sprawdzenie loga (wklejam loga po raz pierwszy i niewiem czy wszystko dobrze zrobiłem)

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 10:57:23, on 2006-05-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\winamp\winamp.exe C:\Documents and Settings\Pucek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\ .bat;C:\WINDOWS\SYSTEM32\ .exe;C:\WINDOWS\SYSTEM32\ .com;C:\WINDOWS\SYSTEM32\ .scr;C:\WINDOWS\SYSTEM32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\SYSTEM32\WBEM\ .bat;C:\WINDOWS\SYSTEM32\WBEM\ .exe;C:\WINDOWS\SYSTEM32\WBEM\ .com;C:\WINDOWS\SYSTEM32\WBEM\ .scr;C:\WINDOWS\SYSTEM32\WBEM\ .vbs;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .bat;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .exe;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .com;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .scr;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .vbs O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file) O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.gateone.ath.cx O15 - Trusted Zone: *.loudcash.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.zangocash.com O15 - Trusted Zone: *.gateone.ath.cx (HKLM) O15 - Trusted Zone: *.loudcash.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.zangocash.com (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://82.160.71.201/AL/WinWebPush.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=18&id=60902&1s&ex&ppd=4 O18 - Filter: text/html - {BD0B053A-4050-4585-B60E-1978AC94C46E} - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe

Jak mam coś usunąć to przoszę o napisanie w jaki sposób bo niemam o tym zielonego pojęcia. Z górt bardzo dziękuje.

przez **jeff** 17 Maj 2006, 12:32

pucus napisał(a): Proszę o sprawdzenie loga (wklejam loga po raz pierwszy i niewiem czy wszystko dobrze zrobiłem)

opisz problem

**Posty:** 241 · przez **pucus** 17 Maj 2006, 12:37

Problem jest taki ze Windows się włąńcza około 3 minut

a kiedyś robił to pare razy szybciej.

przez **jeff** 17 Maj 2006, 12:47

troche syfu jest- przeskanuj na poczatek www.ewido.com i wrzuc log z hijacka

**Posty:** 241 · przez **pucus** 17 Maj 2006, 15:45

detektyw napisał(a):troche syfu jest- przeskanuj na poczatek www.ewido.com i wrzuc log z hijacka

przeskanowałem juz, a o to log

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 14:20:40, on 2006-05-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE D:\Programy\Gadu-Gadu\gg.exe D:\Programy\winamp\winamp.exe C:\DOCUME~1\Pucek\USTAWI~1\Temp\update.tmp C:\Documents and Settings\Pucek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\ .bat;C:\WINDOWS\SYSTEM32\ .exe;C:\WINDOWS\SYSTEM32\ .com;C:\WINDOWS\SYSTEM32\ .scr;C:\WINDOWS\SYSTEM32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\SYSTEM32\WBEM\ .bat;C:\WINDOWS\SYSTEM32\WBEM\ .exe;C:\WINDOWS\SYSTEM32\WBEM\ .com;C:\WINDOWS\SYSTEM32\WBEM\ .scr;C:\WINDOWS\SYSTEM32\WBEM\ .vbs;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .bat;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .exe;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .com;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .scr;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .vbs O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.gateone.ath.cx O15 - Trusted Zone: *.loudcash.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.zangocash.com O15 - Trusted Zone: *.gateone.ath.cx (HKLM) O15 - Trusted Zone: *.loudcash.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.zangocash.com (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://82.160.71.201/AL/WinWebPush.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=18&id=60902&1s&ex&ppd=4 O18 - Filter: text/html - {BD0B053A-4050-4585-B60E-1978AC94C46E} - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe

przez **jeff** 17 Maj 2006, 16:14

wyłącz przywracanie systemu->wejdź a tryb awaryjny i usuwasz wpisy w Hijacku

F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\ .bat;C:\WINDOWS\SYSTEM32\ .exe;C:\WINDOWS\SYSTEM32\ .com;C:\WINDOWS\SYSTEM32\ .scr;C:\WINDOWS\SYSTEM32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\SYSTEM32\WBEM\ .bat;C:\WINDOWS\SYSTEM32\WBEM\ .exe;C:\WINDOWS\SYSTEM32\WBEM\ .com;C:\WINDOWS\SYSTEM32\WBEM\ .scr;C:\WINDOWS\SYSTEM32\WBEM\ .vbs;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .bat;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .exe;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .com;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .scr;C:\Program Files\Panda Software\Panda Antivirus Platinum\ .vbs
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: *.gateone.ath.cx
O15 - Trusted Zone: *.loudcash.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.gateone.ath.cx (HKLM)
O15 - Trusted Zone: *.loudcash.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=18&id=60902&1s&ex&ppd=4

Autor postu otrzymał pochwałę

**Posty:** 241 · przez **pucus** 17 Maj 2006, 16:41

sorka ze tak zawracam głowę ale mam jeszcze pytanie, jak mam to usunąć, w notatnku jak mi to wyskakuje czy jak???

**Posty:** 4043 · przez **prog** 17 Maj 2006, 16:44

sorka ze tak zawracam głowę ale mam jeszcze pytanie, jak mam to usunąć, w notatnku jak mi to wyskakuje czy jak???

1. Wchodzisz do trybu awaryjnego bez przywracania systemu
2. Wlaczasz HijackThis i dajesz Do a system scan only
3. Detektyw podal ci pewne wpisy...Odszukujesz i je i kolo nich bedziesz mial takie kwadraciki ktore musisz zaznaczyc
4. Po zaznaczeniu wszystkich kliknij Fix Checked
5. Resetujesz komputer i dajesz ponownie loga

Autor postu otrzymał pochwałę

**Posty:** 241 · przez **pucus** 17 Maj 2006, 17:01

ok zrobiłem wszystko tak jak kazaliście

i teraz daje ponownie loga:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 15:38:57, on 2006-05-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE D:\Programy\Gadu-Gadu\gg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Pucek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.gateone.ath.cx O15 - Trusted Zone: *.gateone.ath.cx (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://82.160.71.201/AL/WinWebPush.cab O18 - Filter: text/html - {BD0B053A-4050-4585-B60E-1978AC94C46E} - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe

**Posty:** 18165 · przez **wojtas** 17 Maj 2006, 17:03

pucus napisał(a):O15 - Trusted Zone: *.gateone.ath.cx
O15 - Trusted Zone: *.gateone.ath.cx (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

Jeszcze to!

Autor postu otrzymał pochwałę

**Posty:** 241 · przez **pucus** 17 Maj 2006, 17:04

ok, wielkie dzięki.

teraz wszystko ok??

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 15:54:20, on 2006-05-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Pucek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.gateone.ath.cx O15 - Trusted Zone: *.gateone.ath.cx (HKLM) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://82.160.71.201/AL/WinWebPush.cab O18 - Filter: text/html - {BD0B053A-4050-4585-B60E-1978AC94C46E} - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\alcochol\Alcohol 120\StarWind\StarWindService.exe

**Posty:** 4043 · przez **prog** 17 Maj 2006, 17:29

a by pozbyc sie wpisow

O15 - Trusted Zone: *.gateone.ath.cx
O15 - Trusted Zone: *.gateone.ath.cx (HKLM)

uzyj tego:
http://www.searchengines.pl/phpbb203/pliki/picasso/downloads/killtrusted.zip

proszę o sprawdzenie loga

Proszę o sprawdzenie loga

Kto jest na forum