proszę o sprawdzenie loga

[Gość: gabrysia]

Logfile of HijackThis v1.99.1
Scan saved at 06:22:19, on 2006-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\SVCH0ST.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\rodzice\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media
Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Generic Host Process for WinXP Services] SVCH0ST.exe
O4 - HKLM\..\RunServices: [Generic Host Process for WinXP Services]
SVCH0ST.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://C:\DOCUME~1
\magda\USTAWI~1\Temp\bridge-c46.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program
Files\TGTSoft\StyleXP\StyleXPService.exe

[kolobos]

W menadzerze zadan zakoncz:
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\SVCH0ST.exe

W hijackthis:
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe <- usun katalog
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media
Gateway\MediaGateway.exe <- usun katalog Media Gateway
O4 - HKLM\..\Run: [Generic Host Process for WinXP Services] SVCH0ST.exe
O4 - HKLM\..\RunServices: [Generic Host Process for WinXP Services]
SVCH0ST.exe <- usun plik z 0 w nazwie, nie usun tylko tego z o w nazwie ;-)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://C:\DOCUME~1
\magda\USTAWI~1\Temp\bridge-c46.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab

Zrob skan:
ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem,
po przeskanowaniu odinstaluj.
download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
przeskanowaniu odinstaluj.