Request to check a log


(Drynda) #1
Logfile of HijackThis v1.99.1

Scan saved at 16:41:11, on 2005-11-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\rundll32.exe

E:\Programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O20 - Winlogon Notify: policies - C:\WINDOWS\system32\ir48l5hu1.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

(Gutek) #2

Read up on Removing VX2.BetterInternet and give me log no. 1 from the L2Mfix tool.


(Drynda) #3
L2MFIX find log 1.04a

(Gutek) #4

REMOVAL:

Open Notepad and paste this into it:

File >>> Save As >>> Change the extension from TXT to All Files >>> Save it under the name FIX.REG

Boot from the XP CD into the Recovery Console and enter the commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H sporder.dll

ATTRIB -R-S-H nms32.dll

ATTRIB -R-S-H imon.dll

ATTRIB -R-S-H mnxdm.dll

ATTRIB -R-S-H iwxmontr.dll

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H ksdmaori.dll

ATTRIB -R-S-H mawmdmsp.dll

ATTRIB -R-S-H kzdbene.dll

ATTRIB -R-S-H sympsnap.dll

ATTRIB -R-S-H mhcorier.dll

ATTRIB -R-S-H ir48l5hu1.dll

DEL sporder.dll

DEL nms32.dll

DEL imon.dll

DEL mnxdm.dll

DEL iwxmontr.dll

DEL guard.tmp

DEL ksdmaori.dll

DEL mawmdmsp.dll

DEL kzdbene.dll

DEL sympsnap.dll

DEL mhcorier.dll

DEL ir48l5hu1.dll

EXIT

Go into Windows Safe Mode and run the FIX.REG file. Then give me a new L2MFix log made with option 1.


(Drynda) #5

As soon as the laptop comes back from warranty service I'll do what you wrote. Thanks a lot in advance, regards.


(Gutek) #6

If it's a laptop, use Pocket Killbox to delete the files. Tick the Delete on Reboot option and in the Full Path of File to Delete field paste the path C:\WINDOWS\System32\sporder.dll, and so on one after another: C:\WINDOWS\system32\nms32.dll and then:

imon.dll

mnxdm.dll

iwxmontr.dll

guard.tmp

ksdmaori.dll

mawmdmsp.dll

kzdbene.dll

sympsnap.dll

mhcorier.dll

ir48l5hu1.dll

The program will ask to restart the computer … so you restart it.


(Drynda) #7

It's finally back, here is the log after the removal

L2MFIX find log 1.04a

(Gutek) #8

Very nice and clean :wink: