[Windows XP] zainstalowany jako nakładka na 98 SE
Zainstalowałem XP na 98 SE i chciałbym wiedzieć czy mogę usunać takie wpisy:
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
Easy Cleaner wykazał źe te procesy uruchamiają się z autostartu, choć takie pliki nie istnieją.
Przy okazji prosiłbym o sprawdzenie mi loga z hijackthisa:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\serv32.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Downloads\hijackthis1.99.1\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [Service] C:\WINDOWS\System32\serv32.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{4F69584B–E9AB–4794–8161–3917A1A6A37E}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: VNC Server Version 4 (WinVNC4) – Unknown owner – C:\Program Files\RealVNC\VNC4\WinVNC4.exe" –service (file missing)
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
Easy Cleaner wykazał źe te procesy uruchamiają się z autostartu, choć takie pliki nie istnieją.
Przy okazji prosiłbym o sprawdzenie mi loga z hijackthisa:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\serv32.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Downloads\hijackthis1.99.1\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [Service] C:\WINDOWS\System32\serv32.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{4F69584B–E9AB–4794–8161–3917A1A6A37E}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: VNC Server Version 4 (WinVNC4) – Unknown owner – C:\Program Files\RealVNC\VNC4\WinVNC4.exe" –service (file missing)
Odpowiedzi: 3
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
Ten wpis pojawia się cały czas mimo źe go skasowałem. Jak go usunąć?
Ten wpis pojawia się cały czas mimo źe go skasowałem. Jak go usunąć?
Jakie według ciebie mogę mieć kłopoty?EL NINO:
Po co ? Zeby miec klopoty ? Ale ...to Twoj wybor.
C:\WINDOWS\System32\serv32.exe
O4 – HKLM\..\Run: [Service] C:\WINDOWS\System32\serv32.exe
Co oznacza ten wpis?
Po co ? Zeby miec klopoty ? Ale ...to Twoj wybor.Zainstalowałem XP na 98 SE
Gdyby ich nie bylo, otrzymywalbys komunikat przy starcie systemu. Pewnie sa ukryte.Easy Cleaner wykazał źe te procesy uruchamiają się z autostartu, choć takie pliki nie istnieją.
To pliki drivera Creative Labs 3d banshee blaster.
Usun:
C:\WINDOWS\System32\serv32.exe
O4 – HKLM\..\Run: [Service] C:\WINDOWS\System32\serv32.exe
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
Strona 1 / 1