mozecie jeszcze zerknac, bo jestem pewien ze cos mam??
ogfile of HijackThis v1.99.0
Scan saved at 09:12:34, on 05-02-19
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\SYSTEM\KERNEL32.DLL
E:\WINDOWS\SYSTEM\MSGSRV32.EXE
E:\WINDOWS\SYSTEM\MPREXE.EXE
E:\WINDOWS\SYSTEM\MSTASK.EXE
E:\WINDOWS\SYSTEM\ATI2EVXX.EXE
E:\WINDOWS\SYSTEM\MDM.EXE
E:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
E:\WINDOWS\SYSTEM\mmtask.tsk
E:\WINDOWS\EXPLORER.EXE
E:\WINDOWS\SYSTEM\IRMON.EXE
E:\WINDOWS\IRXFER.EXE
E:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
E:\WINDOWS\TASKMON.EXE
E:\WINDOWS\SYSTEM\INTERNAT.EXE
E:\WINDOWS\SYSTEM\SYSTRAY.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
E:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
E:\PROGRAM FILES\A4TECH\KEYBOARD\IKEYMAIN.EXE
E:\WINDOWS\SYSTEM\DDHELP.EXE
E:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
E:\WINDOWS\SYSTEM\STIMON.EXE
E:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE
E:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
E:\PROGRAM FILES\OBJECT DESKTOP\WINDOWBLINDS\WBLOAD.EXE
E:\PROGRAM FILES\KWORLD\MPEGTV STATION PCITV\REMOTECTL.EXE
E:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
E:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
E:\PROGRAM FILES\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
E:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\PROGRAM FILES\BEARPAW 1200TA\DRIVER\WATCH.EXE
E:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
E:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
E:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
E:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
E:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
E:\PROGRAM FILES\OPERA\OPERA.EXE
E:\WINDOWS\PULPIT\HIJACKTHIS1\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] E:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] E:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CriticalUpdate] E:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [winn] E:\WINDOWS\SYSTEM\winn\winn.exe
O4 - HKLM\..\Run: [iKeyWorks] E:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [StillImageMonitor] E:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SAHBundle] E:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] E:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] E:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [KPF4] E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "G:\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Skype] "E:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [WindowBlinds] E:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - Startup: MpegTV Station PCITV Remote Control.lnk = E:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = E:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = E:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Watch.lnk = E:\Program Files\BearPaw 1200TA\Driver\WATCH.exe
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = E:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
boczi
19 Luty 2005 11:00
#42
Nie masz antywirusa. Usuń jednak:
O4 - HKLM\..\Run: [winn] E:\WINDOWS\SYSTEM\winn\winn.exe
mialem ale usunelem bo komp sie scina
to w trybie awaryjnym ??
boczi
19 Luty 2005 13:57
#44
Najlepiej w awaryjnym…
Zainstaluj jednak antywirusa, darmowy mało obciążający to AntiVir Personal Edition. Tylko zaawansowani użytkownicy Windows mogą nie używać anytwirusów.
dzisaj robilem formatke sprawdzcie czy nic nie ma
Logfile of HijackThis v1.99.0
Scan saved at 16:58:46, on 05-02-26
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
G:\WINAMP\WINAMPA.EXE
G:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
G:\PHONE\SKYPE.EXE
G:\HIJACKTHIS1\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] G:\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [Gadu-Gadu] "G:\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Skype] "G:\PHONE\SKYPE.EXE" /nosplash /minimized
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
kuz5
26 Luty 2005 17:13
#47
Usuń w trybie awaryjnym:
Alexa
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
robilem niedawno formata oto ponownie moj log:
Logfile of HijackThis v1.99.0
Scan saved at 14:49:45, on 05-03-15
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
G:\WINAMP\WINAMPA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\WINN\WINN.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
G:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\WINDOWS\IRXFER.EXE
G:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAM FILES\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
G:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
G:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
G:\PHONE\PHONE\SKYPE.EXE
G:\GADU-GADU\GG.EXE
G:\HIJACKTHIS1\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.tpnet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] G:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [winn] C:\WINDOWS\SYSTEM\winn\winn.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [Skype] "G:\PHONE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = G:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Watch.lnk = C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = G:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
boczi
15 Marzec 2005 18:26
#49
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
i update IE do v.6.0
Comend
16 Marzec 2005 11:55
#51