Oczywiscie LOG

SzuroN · 25 Kwiecień 2005 11:19

Logfile of HijackThis v1.99.1

Scan saved at 13:21:20, on 2005-04-25

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

E:\Program Files\Winamp\winampa.exe

E:\WINDOWS\System32\scvhost.exe

E:\WINDOWS\System32\rundll32.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Konnekt\konnekt.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Documents and Settings\S4inT_PL\Pulpit\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\S4inT_PL\USTAWI~1\Temp\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\S4inT_PL\USTAWI~1\Temp\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0D81C957-52CC-46FB-8492-38CE8718C9BA} - E:\WINDOWS\System32\gipi.dll

O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [Microsoft Windows Updata] scvhost.exe

O4 - HKLM…\Run: [services] E:\WINDOWS\System32\xfypj.exe

O4 - HKLM…\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM…\Run: [instant Messenger] aol.exe

O4 - HKLM…\Run: [sp] rundll32 E:\DOCUME~1\S4inT_PL\USTAWI~1\Temp\se.dll,DllInstall

O4 - HKLM…\Run: [rant] rant.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\RunServices: [Microsoft Windows Updata] scvhost.exe

O4 - HKLM…\RunServices: [instant Messenger] aol.exe

O4 - HKLM…\RunServices: [rant] rant.exe

O4 - HKCU…\Run: [Konnekt] “E:\Program Files\Konnekt\konnekt.exe” /autostart

O4 - HKCU…\Run: [MSMSGS] “E:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Microsoft Windows Updata] scvhost.exe

O4 - HKCU…\Run: [instant Messenger] aol.exe

O4 - HKCU…\Run: [rant] rant.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (file missing)

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O10 - Broken Internet access because of LSP provider ‘e:\program files\newdotnet\newdotnet5_64.dll’ missing

O18 - Filter: text/html - {E293DD33-0036-4635-BE44-52D9233F36B2} - E:\WINDOWS\System32\gipi.dll

O18 - Filter: text/plain - {E293DD33-0036-4635-BE44-52D9233F36B2} - E:\WINDOWS\System32\gipi.dll

O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - E:\WINDOWS\System32\hwclock.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

musg · 25 Kwiecień 2005 11:38

wylacz przywracanie systemu i wywal recznie:

tylko nie pomyl z svchost.exe (zobacz jaka mała roznica w pisowni)

dalej za pomoca hijacka wywal:

nastepnie fixujesz:

dalej usuwasz:

recznie wywalasz:

rant.exe

scvhost.exe

aol.exe

rant.exe

i fixujesz wszystkie wpisy 04-z tymi dodatkami

dalej kasacja:

sciagasz program:

http://www.cexx.org/lspfix.htm

i napisz co pokazal ci po lewej stronie w oknie-powiem co wywalic

zafixuj jeszcze

na koniec usun:

tu masz info jak to zrobic:

http://forum.mks.com.pl/forum/viewthread.php?tid=11654

i daj raz jeszcze log

pamietaj system awaryjny f8 i wylacz przywracanie systemu