Hijackthis- log

Ker ste pravi strokovnjaki za področje tipkovnic, mišk ter ostalih stvari.
Včasih mi malce ponagaja IE.
Pregledano s hijackom.
Evo analize, katera stvar je preveč / premalo?

Logfile of HijackThis v1.99.1
Scan saved at 15:00:29, on 06/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\update\update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
F:\Program Files\Hijack\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 – Extra button: Spyware Doctor – {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} – F:\PROGRA~1\SPYDOC~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111756389901
O16 – DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{E9CB1093-26F1-410D-9A99-EDA065BF84F0}: NameServer = 193.189.160.11 193.189.160.12
O19 – User stylesheet: C:\WINDOWS\windows.dat
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti-virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe

Drugače je vse OK, zbrišeš pa lahko:

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\update\update.exe

No, naj še kdo potrdi, da je to za zbrisat, da ne bom imel kaj na vesti

Lp, Max

Sem včeraj preveč na hitro vprašal. Takšen je cel problem. Dobil sem nekega vraga na računalnik, ki mi je odstranil programe, ki so se zagnali ob zagonu računalnika (startup). Računalo sem nekajkrat prečekiral v varnem zagonu s Ad- awarom, Microsoftovim Antispywerom, ter Pando. Odstranil, kar je našlo.
Vendar, ko sem v varnem zagonu nastavljal preko WinPatrola novi startup, mi je ob ponovnem normalnem zagonu pozabil na moje prejšne nastavitve. Kljub izključitvi obnovitve sistema.
Zato sem stvar skeniral še s Hijackom.
Torej, kako nastavim startup, da ga bom tudi obdržal? hvala.

Če je teh (startup) programov malo, jih pa še enkrat zbriši in ponovno inštaliraj. Ja, mislim da bi šlo tudi takole: pojdi na v program Spybot –> klikni na Mode in izberi Advanced mode in klikni Yes –> pojdi na Tools –> in na System Startup. In tukaj obkljukaj kaj hočeš pod startup al ne.

Lp, Max