"Brak wpisu run" (missing entry: run)


(Poroszewski1991) #1

I have this problem: when I turn on the computer, this window pops up: C:\Users|Dominika|AppData\Local\Temp\xsyoaulu.dll Brak Wpisu run

After that I can't open folders or anything else, and I also can't restore the system to the state when everything was fine.

Please help somehow.


(Leon$) #2

Download HijackThis 2 http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 and show the log

:slight_smile:


(Poroszewski1991) #3

The log looks as follows:

Logfile of HijackThis v1.99.1

Scan saved at 21:07:52, on 2008-02-27

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\system32\igfxsrvc.exe

D:\programy\DAEMON Tools Lite\daemon.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe

C:\Windows\system32\wbem\unsecapp.exe

D:\programy\eMule\emule.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Dominika\AppData\Local\Temp\Rar$EX00.335\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [recinfo91] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe

O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe

O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programy\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Users\Dominika\AppData\Local\Temp\E_S7936.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\xxyab.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\ddayx.dll,c

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll",run

O4 - HKCU\..\Run: [3a1bbb3a] rundll32.exe "C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll",b

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Please help :slight_smile:


(Gutek) #4

Use the automated tool - post a log from ComboFix

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350


(Poroszewski1991) #5

Damn, I forgot to add that I can't download anything, so I can't paste it the way it's required.

If it's possible, please help quickly, because I don't know what to do, I have important things on the computer, and I don't know whether I should format.


(Leon$) #6

Start >> Run >> cmd

sc stop WMPNetworkSvc

sc delete WMPNetworkSvc

the entries

O4 - HKLM\..\Run: [recinfo91] c:\RecInfo\RecInfo.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\xxyab.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\ddayx.dll,c

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll",run

O4 - HKCU\..\Run: [3a1bbb3a] rundll32.exe "C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll",b

remove with HijackThis >> Fix checked

the files

c:\RecInfo\RecInfo.exe

C:\Users\Dominika\AppData\Local\Temp\xxyab.dll

C:\Users\Dominika\AppData\Local\Temp\ddayx.dll

C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll

C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll

delete in safe mode or with Unlocker

:slight_smile:
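
The pattern behind the entries singled out in post #6 (a Run value that starts rundll32 on a DLL sitting in a Temp directory) can be checked mechanically. The following is an added example, not part of any post in this thread; the function names and the Temp-directory heuristic are assumptions of the example, and it covers only this rundll32 pattern, not entries such as recinfo91.

```python
import re

# HijackThis O4 (autostart) line: O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 command: optional ".exe", DLL path (quoted or bare), then ",<export>"
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)
# Heuristic (assumption of this example): a DLL autostarted from a Temp
# directory is not how installed software normally persists.
TEMP_RE = re.compile(
    r'\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\',
    re.IGNORECASE)


def parse_o4(line):
    """Return hive/key/name/cmd for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def temp_rundll_autoruns(lines):
    """List (hive, value name, dll path, export) for rundll32-from-Temp autoruns."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry Run entry (e.g. "Global Startup")
        m = RUNDLL_RE.match(entry["cmd"])
        if m and TEMP_RE.search(m.group("dll")):
            hits.append((entry["hive"], entry["name"], m.group("dll"), m.group("export")))
    return hits


# Lines copied from the log in this thread (in the \..\ form used in post #6).
SAMPLE = [
    r'O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe',
    r'O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programy\DAEMON Tools Lite\daemon.exe" -autorun',
    r'O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\xxyab.dll,#1',
    r'O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\ddayx.dll,c',
    r'O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll",run',
    r'O4 - HKCU\..\Run: [3a1bbb3a] rundll32.exe "C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll",b',
    r'O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe',
]

if __name__ == "__main__":
    for hive, name, dll, export in temp_rundll_autoruns(SAMPLE):
        print(f"{hive} Run [{name}] -> {dll} (export {export})")
```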


(Arekmalek) #7

Fix the entries.

After restarting the computer, try to download ComboFix.


(Poroszewski1991) #8

(Gutek) #9

Where are the new logs?


(Leon$) #10

Gutek, tomek wrote

Open the command prompt (Start >> Run >> cmd)

type sc stop WMPNetworkSvc there >> Enter

then type sc delete WMPNetworkSvc >> Enter

start HijackThis >> Do a system scan only >> it will run a scan and show the list of entries >> check them

click Fix checked

go to the given paths and delete

If it doesn't work the normal way, download Unlocker http://dobreprogramy.pl/index.php?dz=2&id=1571&Unlocker+1.8.5 and try with it

:slight_smile:


(Poroszewski1991) #11

Microsoft Windows [Wersja 6.0.6000]

Copyright © 2006 Microsoft Corporation. Wszelkie prawa zastrzeżone.

C:\Users\Dominika>sc stop WMPNetworkSvc

[sC] OpenService NIEPOWODZENIE 5:

Odmowa dostępu.

C:\Users\Dominika>

This is what pops up when I run cmd, and I can't do the other thing either, and I also can't download Unlocker.

If anything, it can be sent to poroszewski@o2.pl, thanks :cry:


(Leon$) #12

Log in as administrator and do it then

:slight_smile:


(Poroszewski1991) #13

But I'm the administrator all the time =P~


(Leon$) #14

Delete the listed files in safe mode

:slight_smile:


(Poroszewski1991) #15

And could you describe this deleting in safe mode in more detail, because I'm a complete novice at this. And once I delete it, will everything work normally??


(Leon$) #16

But you do know how to read http://www.google.pl/search?hl=pl&client=firefox-a&channel=s&rls=org.mozilla%3Apl%3Aofficial&q=tryb+awaryjny+xp&btnG=Szukaj&lr=lang_pl

I don't know

:slight_smile: