prosze o sprawdzenie loga

**Posty:** 67 · przez **sroka20** 10 Kwi 2006, 02:03

mam win98 se i do paru dni mi strasznie tnie i muli system.prosze o sprawdzenie loga:)

Logfile of HijackThis v1.99.1
Scan saved at 00:37:19, on 06-04-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\WIN98\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WIN98\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WIN98\SYSTEM\SPOOL32.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\WIN98\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
C:\WIN98\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN98\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN98\SYSTEM\OOBE\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN98\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN98\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WIN98\SYSTEM\TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Transparent] Trans.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WIN98\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WIN98\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WIN98\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [RNBOStart] C:\WIN98\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [kqzk] C:\WIN98\TEMP\NSU4192.TMP
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_24.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_24.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c266.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

prosze o pomoc:))))

**Posty:** 4043 · przez **prog** 10 Kwi 2006, 09:01

wszystkie czynnosci wykonujesz w trybie awaryjnym

Jeżeli nie używasz SolidConverter kosisz:

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

dalej:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN98\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN98\SYSTEM\OOBE\blank.htm
O4 - HKLM\..\Run: [Transparent] Trans.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [kqzk] C:\WIN98\TEMP\NSU4192.TMP
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

pogrubione pliki/foldery kasujesz dodatkowo ręcznie.
Po zabiegach skan EWIDO i log do kontroli.

Pozdrawiam

**Posty:** 67 · przez **sroka20** 10 Kwi 2006, 09:55

tylko ze ten prgram ktorym mam pozniej rpzeskanowac chodzi po 2000 i xp a ja mam 98 se:)

**Posty:** 4043 · przez **prog** 10 Kwi 2006, 10:02

No tak, zaponmialem. To nie skanuj i daj loga.

**Posty:** 67 · przez **sroka20** 10 Kwi 2006, 10:13

prosze

Logfile of HijackThis v1.99.1
Scan saved at 08:54:44, on 06-04-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\WIN98\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WIN98\SYSTEM\SPOOL32.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\WIN98\SYSTEM\WMIEXE.EXE
C:\WIN98\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN98\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN98\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WIN98\SYSTEM\TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [StillImageMonitor] C:\WIN98\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WIN98\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WIN98\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [RNBOStart] C:\WIN98\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [kqzk] C:\WIN98\TEMP\NSU4192.TMP
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_24.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_24.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c266.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab

i mam pytanie:)Nie wiem czy to nie bzdura ale wydaje mi sie ze niedawno na forum czytalem ze jak zamiast scanreg jest np scanregw to jest to jakis wirus
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun

.

**Posty:** 4043 · przez **prog** 10 Kwi 2006, 10:29

mamy do pokonania to cuś:

O4 - HKCU\..\Run: [kqzk] C:\WIN98\TEMP\NSU4192.TMP

Tak więc, ściagnij KillBox

Otworz program, zaznacz opcje DELETE ON REBOOT
nastepnie w polu Full Path Of File To Delete wpisujesz

C:\WIN98\TEMP\NSU4192.TMP

naciskasz X - program będzie pytał o restart, oczywiście zgadzasz się.
Po zabiegu log do kontroli

sroka20 napisał(a):scanregw.exe

scanregw.exe is a part of Microsoft Windows Operating System. This process checks the Windows registry every time the computer is turned on.

Tak więc prawidłowy plik.

prosze o sprawdzenie loga

prosze o sprawdzenie loga

Kto jest na forum