Request to check a log

Please check:

Logfile of HijackThis v1.99.1
Scan saved at 23:03:24, on 2005–04–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\WINDOWS\System32\WF2K.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\RAMCleaner\RAMCleaner.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Real\RealPlayer\realplay.exe
D:\PROGRA~1\MediaKey\MMKeybd.EXE
D:\PROGRA~1\MediaKey\KPDrv4XP.EXE
F:\Video Downloads\Gadu–Gadu\gg.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\System32\CTFMON32.EXE
D:\WINDOWS\System32\CSRSSU.EXE
D:\Program Files\Spamihilator\spamihilator.exe
D:\Program Files\GetRight\getright.exe
C:\Kalendarz XP\Kalendarz.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MYIE2 a\MyIE.exe
C:\Program Files\Teleport Pro\pro.exe
D:\Program Files\WinFast\WFTVFM\WFTV.exe
D:\Documents and Settings\Mirosław\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – c:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – D:\WINDOWS\sehlp.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 – HKLM\..\Run: [WinFast_2K] D:\WINDOWS\System32\WF2K.EXE
O4 – HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [RAMCleaner start] D:\Program Files\RAMCleaner\RAMCleaner.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [LANChatPro] D:\Program Files\LANChat Pro\LANChat.exe /q
O4 – HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [MediaKey] D:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 – HKLM\..\Run: [KPDrv4XP] D:\PROGRA~1\MediaKey\KPDrv4XP.EXE
O4 – HKCU\..\Run: [Gadu–Gadu] "F:\Video Downloads\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [CTFMON32] D:\WINDOWS\System32\CTFMON32.EXE
O4 – HKCU\..\Run: [CSRSSU] D:\WINDOWS\System32\CSRSSU.EXE
O4 – HKCU\..\Run: [Spamihilator] "D:\Program Files\Spamihilator\spamihilator.exe"
O4 – HKCU\..\Run: [tray] D:\Program Files\Pogoda\pogoda.exe /tray
O4 – Startup: Kalendarz.exe.lnk = C:\Kalendarz XP\Kalendarz.exe
O4 – Global Startup: GetRight Monitor.lnk = D:\Program Files\GetRight\getright.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – D:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – D:\Program Files\IrfanView\Ebay\Ebay.htm
O12 – Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c337.cab
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://63.208.110.145/activex/AxisCamControl.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EB6D7E70–AAA9–40D9–BA05–F214089F2275} – http://www.clickteam.com/vitalize3/vitalize.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{99689AD6–A180–4F62–82F6–CF213F34E12D}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Leadtek Driver Helper Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe

While I'm at it, please answer:
- I have 4 partitions and all of them are FAT; what can I use to change them to NTFS?
- my system is on partition D; does that get in the way of anything?

Regards
Mirek

Replies: 3

Looks clean.
EL NINO
Posted
07.04.2005 23:19:01
If possible, please check the log again:
Logfile of HijackThis v1.99.1
Scan saved at 20:35:29, on 2005–04–07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\WINDOWS\System32\WF2K.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\RAMCleaner\RAMCleaner.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Real\RealPlayer\realplay.exe
D:\PROGRA~1\MediaKey\MMKeybd.EXE
D:\PROGRA~1\MediaKey\KPDrv4XP.EXE
F:\Video Downloads\Gadu–Gadu\gg.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spamihilator\spamihilator.exe
D:\Program Files\GetRight\getright.exe
C:\Kalendarz XP\Kalendarz.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Documents and Settings\Mirosław\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 – HKLM\..\Run: [WinFast_2K] D:\WINDOWS\System32\WF2K.EXE
O4 – HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [RAMCleaner start] D:\Program Files\RAMCleaner\RAMCleaner.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [LANChatPro] D:\Program Files\LANChat Pro\LANChat.exe /q
O4 – HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [MediaKey] D:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 – HKLM\..\Run: [KPDrv4XP] D:\PROGRA~1\MediaKey\KPDrv4XP.EXE
O4 – HKCU\..\Run: [Gadu–Gadu] "F:\Video Downloads\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Spamihilator] "D:\Program Files\Spamihilator\spamihilator.exe"
O4 – HKCU\..\Run: [tray] D:\Program Files\Pogoda\pogoda.exe /tray
O4 – Startup: Kalendarz.exe.lnk = C:\Kalendarz XP\Kalendarz.exe
O4 – Global Startup: GetRight Monitor.lnk = D:\Program Files\GetRight\getright.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – D:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – D:\WINDOWS\System32\shdocvw.dll
O12 – Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://63.208.110.145/activex/AxisCamControl.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EB6D7E70–AAA9–40D9–BA05–F214089F2275} – http://www.clickteam.com/vitalize3/vitalize.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{99689AD6–A180–4F62–82F6–CF213F34E12D}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Leadtek Driver Helper Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe

Regards
Mirek
Wróblewski
Posted
07.04.2005 22:38:56
Get rid of these (entries and files):

D:\WINDOWS\System32\CTFMON32.EXE
D:\WINDOWS\System32\CSRSSU.EXE

R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – D:\WINDOWS\sehlp.dll
O4 – HKCU\..\Run: [CTFMON32] D:\WINDOWS\System32\CTFMON32.EXE
O4 – HKCU\..\Run: [CSRSSU] D:\WINDOWS\System32\CSRSSU.EXE
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – D:\Program Files\IrfanView\Ebay\Ebay.htm
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c337.cab
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

As for sehlp.dll, you can additionally clean the leftover junk out of the registry. The ones in red are to be removed:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BA765C2–08DB–4fe2–9279–311CA10D582A}
HKCR\SEHLP.SEDP
HKCR\SEHLP.SEDP.1
HKCR\CLSID\{3BA765C2–08DB–4fe2–9279–311CA10D582A}
HKCR\Interface\{0B6EF17E–18E5–4449–86EA–64C82D596EAE}
HKCR\Interface\{B1E68D42–02C4–465B–8368–5ED9B732E22D}
HKCR\TypeLib\{670ED4EE–ADBA–47CB–A5AD–D53A9F7C3C94}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc


1. NTFS can be changed to FAT32 with the system tool "convert", but... Well, exactly: for one, it is not entirely safe, and for another, it is more proper to create NTFS partitions "from scratch".
2. Having the system on D: does not get in the way of anything.
EL NINO
Posted
04.04.2005 11:01:09
Wróblewski
Posted:
04.04.2005 01:10:36