mam taki problem przy wlaczaniu kompa wyskakuje mi takie okienko C:\Users|Dominika|AppData\Local\Temp\xsyoaulu.dll Brak Wpisu run
pozniej nie moge wlaczyc folderow ani nic wiecej nie moge rowniez przywrocic systemu do postaci kiedy bylo wszystko dobrze
prosze o jakos pomoc
Log wyglada nastepujaca
Logfile of HijackThis v1.99.1
Scan saved at 21:07:52, on 2008-02-27
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\igfxsrvc.exe
D:\programy\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\programy\eMule\emule.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Dominika\AppData\Local\Temp\Rar$EX00.335\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [HotkeyApp] “C:\Program Files\Launch Manager\HotkeyApp.exe”
O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [osCheck] “c:\Program Files\Norton Internet Security\osCheck.exe”
O4 - HKLM…\Run: [recinfo91] c:\RecInfo\RecInfo.exe
O4 - HKLM…\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM…\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM…\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM…\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKCU…\Run: [DAEMON Tools Lite] “D:\programy\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU “C:\Users\Dominika\AppData\Local\Temp\E_S7936.tmp” /EF “HKCU”
O4 - HKCU…\Run: [MSServer] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\xxyab.dll,#1
O4 - HKCU…\Run: [cmds] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\ddayx.dll,c
O4 - HKCU…\Run: [MS Juan] rundll32 “C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll”,run
O4 - HKCU…\Run: [3a1bbb3a] rundll32.exe “C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll”,b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
prosze o pomoc 
Użyj automatu - Daj log z ComboFix
Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350
Kurcze ale zapommnialem dodac ze nie moge nic sciagac wiec niemoge wkleic tego tak jak potrzeba
Gdy by sie dalo to prosze o szybka pomoc bo nie wiem co mam robic a mam wazne rzeczy na kompi i nie wiem czy mam robic formata
start >> uruchom >> cmd
sc stop WMPNetworkSvc
sc delete WMPNetworkSvc
wpisy
O4 - HKLM\..\Run: [recinfo91] c:\RecInfo\RecInfo.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\xxyab.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dominika\AppData\Local\Temp\ddayx.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll",run
O4 - HKCU\..\Run: [3a1bbb3a] rundll32.exe "C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll",b
usuń HijackThisem >> Fix checked pliki
c:\RecInfo\RecInfo.exe
C:\Users\Dominika\AppData\Local\Temp\xxyab.dll
C:\Users\Dominika\AppData\Local\Temp\ddayx.dll
C:\Users\Dominika\AppData\Local\Temp\hjjlllsa.dll
C:\Users\Dominika\AppData\Local\Temp\ujbccljb.dll
usuń w trybie awaryjnym lub Unlockerem
Wpisy fix.
Po restarcie kompa spróbuj dać pobrać combofixa
Gdzie nowe logi
Gutek tomek pisał
Wejdź do wiersza poleceń (start >> uruchom >> cmd)
wpisz tam sc stop WMPNetworkSvc >> Enter
następnie wpisz sc delete WMPNetworkSvc >> Enter
włącz HijackThis >> Do a system scan only >> zrobi skan i pokaże listę wpisów >> zaznacz
kliknij Fix checked
wejdź w podane ścieżki i usuń
Jeśli nie pójdzie normalnie to pobierz Unlocker http://dobreprogramy.pl/index.php?dz=2&id=1571&Unlocker+1.8.5 i spróbuj nim
Microsoft Windows [Wersja 6.0.6000]
Copyright © 2006 Microsoft Corporation. Wszelkie prawa zastrzeżone.
C:\Users\Dominika>sc stop WMPNetworkSvc
[sC] OpenService NIEPOWODZENIE 5:
Odmowa dostępu.
C:\Users\Dominika>
Wyskakuje mi cos takiego jak uruchomie cmd a tego drugiego tez nie moge zrobic jak rowniez nie moge pobrac unlockera
Jak cos to mozna przeslac na poroszewski@o2.pl dzieki 
Zaloguj się jako administrator i wtedy to zrób
Ale caly czas jestesm administratorem =P~
Podane pliki usuń w trybie awaryjnym
a mozna dokladniej opisac to usuwanie w trybie awayjnym bo jestem w tym zielony. i jak to usune to bedzie dzialac wszystko normalnie??