crooliq
(Crooliq)
10 November 2005 14:58
#1
Hello. I have a small problem with my system. Every time it starts up, a new "clean" profile is created in the folder "D:\Documents and Settings\TEMP". The disk behaves somewhat strangely, as if it stops working for a moment. In Win 98, which is on the first partition, it works completely normally. And here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 15:48:56, on 2005-11-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\logonui.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\MKS\Bin\NetMonSV.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\MKS\Bin\mksmonsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\MKS\Bin\mks_menu.exe
D:\WINDOWS\System32\CTFMON.EXE
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\MKS\Bin\mks_scan.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/gcon.exe
O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (Modem Access) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - D:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Sound Device (Sound) - Unknown owner - D:\WINDOWS\SYSTEM32\ess.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
boczi
(boczi)
10 November 2005 20:30
#2
Delete:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/gcon.exe
O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (Modem Access) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx
And the fake sound card driver:
O23 - Service: Sound Device (Sound) - Unknown owner - D:\WINDOWS\SYSTEM32\ess.exe (file missing)
Go to:
Start -> Run -> services.msc
Find the service:
Sound Device (Sound)
Open its properties, click Stop, and then set the startup type to stopped.
Then:
Open HijackThis >>> Misc Tools >>> Delete NT Service >>> type in Sound >>> confirm
Finally, delete the file D:\WINDOWS\SYSTEM32\ess.exe from the disk.
And post a new log.
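The two patterns picked out in the reply above (O16 entries whose download source is an ms-its:mhtml wrapper, and an O23 service whose binary is missing) can be pulled out of a HijackThis log automatically. This is an added example, not part of either post; the `triage` function, its regexes and its two rules are assumptions made for illustration, and its hits are leads for manual review, not verdicts.

```python
import re

# Constructed sample: five entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/gcon.exe
O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (Modem Access) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Sound Device (Sound) - Unknown owner - D:\WINDOWS\SYSTEM32\ess.exe (file missing)
"""

# "<group> - <body>", e.g. "O16 - DPF: ..." (hypothetical helper patterns).
ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
# "DPF: {CLSID} [(friendly name)] - <codebase>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (.+)$")
# "Service: <name> - <owner> - <path>"
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
MISSING = "(file missing)"


def triage(log_text):
    """Return (group, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        group, body = entry.groups()
        if group == "O16":
            dpf = DPF.match(body)
            # Rule 1 (assumption): a codebase wrapped in ms-its:/mhtml: instead
            # of a plain URL, as in the three entries the reply says to delete.
            if dpf and dpf.group(3).lower().startswith(("ms-its:", "mhtml:")):
                findings.append((group, dpf.group(1), "codebase uses ms-its/mhtml wrapper"))
        elif group == "O23":
            svc = SERVICE.match(body)
            # Rule 2 (assumption): a registered service whose binary is gone.
            if svc and svc.group(3).endswith(MISSING):
                path = svc.group(3)[: -len(MISSING)].strip()
                findings.append((group, svc.group(1), "service binary missing: " + path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
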