Request for log analysis
Please check my log, because I'm having problems with my computer.
Logfile of HijackThis v1.99.1
Scan saved at 14:39:54, on 2005-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\gglib.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\Program Files\oaan\ilaa.exe
C:\Program Files\AdobeAcrobat\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
C:\Documents and Settings\Dom\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.51.133.190:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A839FC7-FF0F-480E-B476-85C5197DCA96} - C:\WINDOWS\System32\ohbb.dll
O2 - BHO: (no name) - {10FCF98C-3A12-66EB-3D87-65830FBFFE94} - C:\WINDOWS\System32\ksb.dll (file missing)
O2 - BHO: (no name) - {24D1C9F9-1722-52AD-10B0-53AE4A8DD3AC} - C:\WINDOWS\System32\ksb.dll (file missing)
O2 - BHO: (no name) - {CC0D5E46-D7CE-C412-FDDE-952292A365A4} - C:\WINDOWS\System32\kiwgzae.dll
O2 - BHO: (no name) - {F8206E33-FAFE-F054-D0E9-A30FD791489C} - C:\WINDOWS\System32\kiwgzae.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray
O4 - HKCU\..\Run: [Kvyevk] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [Uout] C:\Program Files\oaan\ilaa.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\AdobeAcrobat\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_18.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/script/mt.chm::/MediaTicketsInstaller.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O18 - Filter: text/html - {FCA447B7-0F45-477D-8039-A285160D2234} - C:\WINDOWS\System32\ohbb.dll
O18 - Filter: text/plain - {FCA447B7-0F45-477D-8039-A285160D2234} - C:\WINDOWS\System32\ohbb.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Lffipp32.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
Replies: 7
Bobi: Damianos, don't make me despair.
Sorry, Bobi, but I somehow blanked out and didn't know what to do. It was the first time I had dealt with such a messed-up system. It was a friend's computer, but everything works very well now, and I thank above all you, Bobi, for the help, but also Ad@ś, who checked the log once more. Thank you all for the help.
PS: As for that antivirus, I have already installed one for the guy, and I also downloaded Spybot and scanned the computer with it.
Only this:
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
I think it got removed, but I'm posting the log once more.
Logfile of HijackThis v1.99.1
Scan saved at 16:23:52, on 2005-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AdobeAcrobat\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dom\Pulpit\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\AdobeAcrobat\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_18.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Damianos: I don't know where to download this program for removing sp.dll from. I looked in the FAQ and didn't find anything.
Damianos, don't make me despair.
Which FAQ did you look at?
After all, in the sticky thread in this section you have, plain as day, "Fix removing se.dll and related", and after clicking the link you get this page: http://forum.centrumxp.pl/viewtopic.php?t=33138
Download this program and run it.
And what is this?
:Arrow:
Fix removing se.dll and related
Such a young lad, and such weak eyes? :wink:
I don't know where to download this program for removing sp.dll from. I looked in the FAQ and didn't find anything.
And how are you not going to have problems when I don't see any antivirus program?
Turn off System Restore
End these processes in Task Manager:
gglib.exe
?hkntfs.exe (there will be some letter in place of the question mark)
ilaa.exe
Download the sp.dll remover from the thread linked in the FAQ
Uninstall Media Pass from Add/Remove Programs
Clear temp
Get rid of:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0A839FC7-FF0F-480E-B476-85C5197DCA96} - C:\WINDOWS\System32\ohbb.dll
O2 - BHO: (no name) - {10FCF98C-3A12-66EB-3D87-65830FBFFE94} - C:\WINDOWS\System32\ksb.dll (file missing)
O2 - BHO: (no name) - {24D1C9F9-1722-52AD-10B0-53AE4A8DD3AC} - C:\WINDOWS\System32\ksb.dll (file missing)
O2 - BHO: (no name) - {CC0D5E46-D7CE-C412-FDDE-952292A365A4} - C:\WINDOWS\System32\kiwgzae.dll
O2 - BHO: (no name) - {F8206E33-FAFE-F054-D0E9-A30FD791489C} - C:\WINDOWS\System32\kiwgzae.dll
Blaster.E
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [Kvyevk] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [Uout] C:\Program Files\oaan\ilaa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/script/mt.chm::/MediaTicketsInstaller.cab
O18 - Filter: text/html - {FCA447B7-0F45-477D-8039-A285160D2234} - C:\WINDOWS\System32\ohbb.dll
O18 - Filter: text/plain - {FCA447B7-0F45-477D-8039-A285160D2234} - C:\WINDOWS\System32\ohbb.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Lffipp32.dll (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
Regarding the last entry.
At the command prompt you type: net stop PowerManager
You get the same effect through services.msc by stopping the Power Manager service.
Now in HJT, Config >> Misc Tools >> Delete an NT service, you type in: PowerManager and confirm.
After a reboot the file should delete without any problem.
Also note that the system svchost lives in system32
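The closing remark about svchost, turned into a check (an added example, not part of the original thread and not HijackThis code): a small Python triage of HijackThis lines that flags a system binary name located outside System32, entries whose target file is missing, and autoruns loading from a Temp folder. The rule names, the list of System32-only binaries and the function names are assumptions of this example; the sample lines are copied from the first log in this thread.

```python
import re
from typing import NamedTuple, Optional

# Binaries expected only in %SystemRoot%\System32 (short list assumed for this example).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

# "O23 - Service: ..."; some forum software turns the hyphen into an en dash.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
# First drive-letter path that ends in an executable image extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*<>|,]+?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Entry(NamedTuple):
    code: str            # HijackThis section code, e.g. "O4" or "O23"
    body: str            # everything after the code
    path: Optional[str]  # first executable path found in the body, if any


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one R*/O* line; header and process-list lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    p = PATH_RE.search(body)
    return Entry(m.group("code"), body, p.group(0) if p else None)


def flags(entry: Entry) -> list:
    """Heuristic flags; each one is a reason to look closer, not a verdict."""
    out = []
    if MISSING_RE.search(entry.body):
        out.append("target-missing")
    if entry.path:
        directory, _, name = entry.path.rpartition("\\")
        if "\\temp\\" in entry.path.lower():
            out.append("runs-from-temp")
        # The point made in the thread: the real svchost.exe sits in System32.
        if name.lower() in SYSTEM32_ONLY and not directory.lower().endswith("\\system32"):
            out.append("system-name-outside-system32")
    return out


def triage(log_text: str) -> list:
    """Return (code, path, flags) for every entry that raised at least one flag."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            found = flags(entry)
            if found:
                hits.append((entry.code, entry.path, found))
    return hits


# Sample lines taken from the first log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dom\USTAWI~1\Temp\se.dll,DllInstall
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Lffipp32.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for code, path, found in triage(SAMPLE_LOG):
        print(code, path, ", ".join(found))
```

Entries with a bare file name, such as `[vmtuner] gglib.exe`, carry no path and are not flagged by these rules; they still need the manual review done in the thread.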