Komputer sie wiesza po paru minutach

adamawa · 6 Wrzesień 2007 17:49

Koputer wczoraj był formatowany, wszystkie sterowniki zostały instalowane, programy zreinstalowane, dziś wracam z siłowni - włączam gg, chce zamknąć jego okno, program sie weisza wraz z całym systemem - moge tylko poruszać myszką - zero reakcji gdy naciskam na ikone (widac, tak jak bym jej wogole nie naciskal) ani zero reakcji, kiedy chce z pozycji klawiatury włączyć Menu Start czy Menedżer Zadań. Dzieje sie tak za kazdym razem po włączeniu komputera, po paru minutach poprostu sie wiesza bezwzględu na to, co robie. Pisze teraz z Tryby Awaryjnego, ponieważ z tej pozycji chodzi bez problemu.

Logfile of HijackThis v1.99.1 Scan saved at 16:37:47, on 2007-09-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE E:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 108.112.42.206 ad.doubleclick.net O1 - Hosts: 184.169.44.29 upgrade.bitdefender.com O1 - Hosts: 106.62.59.13 report.bitdefender.com O1 - Hosts: 178.95.95.213 ad.fastclick.net O1 - Hosts: 107.116.117.138 ads.fastclick.net O1 - Hosts: 174.15.27.94 ar.atwola.com O1 - Hosts: 115.27.183.221 atdmt.com O1 - Hosts: 183.97.110.57 avp.ch O1 - Hosts: 114.153.7.176 avp.com O1 - Hosts: 179.51.181.210 avp.ru O1 - Hosts: 108.15.197.227 awaps.net O1 - Hosts: 180.66.164.240 banner.fastclick.net O1 - Hosts: 112.56.109.230 banners.fastclick.net O1 - Hosts: 177.137.61.67 ca.com O1 - Hosts: 111.18.29.102 http://www.ca.com O1 - Hosts: 180.140.140.115 click.atdmt.com O1 - Hosts: 104.148.31.185 clicks.atdmt.com O1 - Hosts: 186.213.124.100 customer.symantec.com O1 - Hosts: 100.96.64.129 dispatch.mcafee.com O1 - Hosts: 183.2.101.136 download.mcafee.com O1 - Hosts: 104.210.98.148 download.microsoft.com O1 - Hosts: 181.159.189.68 downloads.microsoft.com O1 - Hosts: 112.218.150.78 downloads-eu1.kaspersky-labs.com O1 - Hosts: 181.65.170.225 downloads-eu2.kaspersky-labs.com O1 - Hosts: 115.202.138.212 downloads-eu3.kaspersky-labs.com O1 - Hosts: 185.37.50.218 downloads-us1.kaspersky-labs.com O1 - Hosts: 109.114.81.80 downloads-us2.kaspersky-labs.com O1 - Hosts: 180.183.191.200 downloads-us3.kaspersky-labs.com O1 - Hosts: 111.63.81.72 downloads1.kaspersky-labs.com O1 - Hosts: 187.45.123.197 downloads2.kaspersky-labs.com O1 - Hosts: 102.48.18.192 downloads3.kaspersky-labs.com O1 - Hosts: 180.188.144.114 downloads4.kaspersky-labs.com O1 - Hosts: 111.57.62.146 engine.awaps.net O1 - Hosts: 179.113.96.3 f-secure.com O1 - Hosts: 100.178.73.135 fastclick.net O1 - Hosts: 182.38.71.88 ftp.avp.ch O1 - Hosts: 107.152.141.111 ftp.downloads2.kaspersky-labs.com O1 - Hosts: 186.39.46.12 ftp.f-secure.com O1 - Hosts: 106.65.181.226 ftp.kasperskylab.ru O1 - Hosts: 174.100.75.218 ftp.sophos.com O1 - Hosts: 111.138.97.30 go.microsoft.com O1 - Hosts: 174.194.28.31 ids.kaspersky-labs.com O1 - Hosts: 110.101.147.64 kaspersky-labs.com O1 - Hosts: 182.218.134.18 kaspersky.com O1 - Hosts: 110.50.113.133 liveupdate.symantec.com O1 - Hosts: 178.160.128.199 liveupdate.symantecliveupdate.com O1 - Hosts: 115.84.151.31 mast.mcafee.com O1 - Hosts: 185.0.220.131 mcafee.com O1 - Hosts: 109.92.142.185 media.fastclick.net O1 - Hosts: 176.171.191.233 msdn.microsoft.com O1 - Hosts: 103.113.37.211 my-etrust.com O1 - Hosts: 180.172.202.29 nai.com O1 - Hosts: 115.89.143.98 networkassociates.com O1 - Hosts: 174.46.37.27 office.microsoft.com O1 - Hosts: 109.188.51.100 phx.corporate-ir.net O1 - Hosts: 185.45.204.116 rads.mcafee.com O1 - Hosts: 109.120.41.223 secure.nai.com O1 - Hosts: 177.7.179.127 securityresponse.symantec.com O1 - Hosts: 108.217.74.1 service1.symantec.com O1 - Hosts: 183.50.26.181 sophos.com O1 - Hosts: 109.170.21.186 spd.atdmt.com O1 - Hosts: 187.58.188.136 support.microsoft.com O1 - Hosts: 101.13.209.239 symantec.com O1 - Hosts: 176.188.88.223 trendmicro.com O1 - Hosts: 105.130.169.168 update.symantec.com O1 - Hosts: 182.123.36.37 updates.symantec.com O1 - Hosts: 108.110.33.59 updates1.kaspersky-labs.com O1 - Hosts: 183.59.213.85 updates2.kaspersky-labs.com O1 - Hosts: 100.8.14.248 updates3.kaspersky-labs.com O1 - Hosts: 177.203.115.101 updates4.kaspersky-labs.com O1 - Hosts: 115.99.75.57 updates5.kaspersky-labs.com O1 - Hosts: 177.164.21.164 us.mcafee.com O1 - Hosts: 104.191.68.232 vil.nai.com O1 - Hosts: 178.104.12.229 viruslist.com O1 - Hosts: 115.45.29.170 viruslist.ru O1 - Hosts: 180.17.225.124 windowsupdate.microsoft.com O1 - Hosts: 101.14.104.106 http://www.avp.ch O1 - Hosts: 187.220.183.234 http://www.avp.com O1 - Hosts: 106.32.32.175 http://www.avp.ru O1 - Hosts: 186.54.74.45 http://www.awaps.net O1 - Hosts: 101.143.19.123 http://www.ca.com O1 - Hosts: 174.32.86.13 http://www.f-secure.com O1 - Hosts: 105.116.161.207 http://www.fastclick.net O1 - Hosts: 181.161.67.179 http://www.grisoft.com O1 - Hosts: 112.172.26.189 http://www.kaspersky-labs.com O1 - Hosts: 184.209.149.39 http://www.kaspersky.com O1 - Hosts: 101.182.189.240 http://www.kaspersky.ru O1 - Hosts: 173.37.26.35 http://www.mcafee.com O1 - Hosts: 112.46.139.229 http://www.my-etrust.com O1 - Hosts: 178.225.214.176 http://www.nai.com O1 - Hosts: 108.150.114.26 http://www.networkassociates.com O1 - Hosts: 178.182.181.42 http://www.sophos.com O1 - Hosts: 109.208.204.78 http://www.symantec.com O1 - Hosts: 185.128.102.236 http://www.trendmicro.com O1 - Hosts: 106.65.196.108 http://www.viruslist.com O1 - Hosts: 179.223.125.67 http://www.viruslist.ru O1 - Hosts: 103.38.35.138 www3.ca.com O1 - Hosts: 175.24.52.173 avp.ch O1 - Hosts: 112.167.176.41 avp.com O1 - Hosts: 181.132.72.29 avp.ru O1 - Hosts: 108.51.94.92 awaps.net O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobereader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Daemon\daemon.exe” -lang 1033 -noicon O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe O4 - Startup: TrayIt!.lnk = E:\trayit\trayit!.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll O9 - Extra ‘Tools’ menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Windows Firewall” = “C:\WINDOWS\System32\drivers\svchost.exe” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “CTHelper” = “CTHELPER.EXE” [“Creative Technology Ltd”] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “DAEMON Tools-1033” = ““E:\Daemon\daemon.exe” -lang 1033 -noicon” [“DAEMON’S HOME”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Inc.”] “Windows Firewall” = “C:\WINDOWS\System32\drivers\svchost.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00011268-E188-40DF-A514-835FCD78B1BF}(Default) = “IE7Pro” -> {HKLM…CLSID} = “IE7Pro BHO” \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7Pro.dll” [“IE7Pro.com”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “E:\adobereader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “E:\BitComet\tools\BitCometBHO_1.1.7.4.dll” [“BitComet”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band” -> {HKLM…CLSID} = “IE Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer” -> {HKLM…CLSID} = “Shell DocObject Viewer” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut” -> {HKLM…CLSID} = “Internet Shortcut” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service” -> {HKLM…CLSID} = “Microsoft Url History Service” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “History” -> {HKLM…CLSID} = “History” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook” -> {HKLM…CLSID} = “Microsoft Url Search Hook” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet” -> {HKLM…CLSID} = “The Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data] “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand” -> {HKLM…CLSID} = “IE Microsoft BrowserBand” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task” -> {HKLM…CLSID} = “IE Fade Task” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar” -> {HKLM…CLSID} = “IE Menu Desk Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete” -> {HKLM…CLSID} = “IE AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar” -> {HKLM…CLSID} = “IE Navigation Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site” -> {HKLM…CLSID} = “IE Menu Site” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band” -> {HKLM…CLSID} = “IE Menu Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft History AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu” -> {HKLM…CLSID} = “IE Tracking Shell Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy” -> {HKLM…CLSID} = “IE BandProxy” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List” -> {HKLM…CLSID} = “IE MRU AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}” = “IE RSS Feeder Folder” -> {HKLM…CLSID} = “IE RSS Feeds Folder” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container” -> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture” -> {HKLM…CLSID} = “Microsoft Browser Architecture” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite” -> {HKLM…CLSID} = “IE Shell Rebar BandSite” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu” -> {HKLM…CLSID} = “IE Shell Band Site Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility” -> {HKLM…CLSID} = “IE Registry Tree Options Utility” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist” -> {HKLM…CLSID} = “IE User Assist” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List” -> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{35786D3C-B075-49b9-88DD-029876E11C01}” = “Portable Devices” -> {HKLM…CLSID} = “Portable Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}” = “Portable Devices Menu” -> {HKLM…CLSID} = “Portable Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “E:\adobereader\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Adam” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\Adam\Menu Start\Programy\Autostart “TrayIt!” -> shortcut to: “E:\trayit\trayit!.exe” [“Igor Nys”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\ “ButtonText” = “IE7Pro Preferences” “MenuText” = “IE7Pro Preferences” “CLSIDExtension” = “{B119EB0C-C021-46CF-85B0-34A760E0D5FE}” -> {HKLM…CLSID} = “IE7Pro ToolsExt” \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7Pro.dll” [“IE7Pro.com”] {461CC20B-FB6E-4F16-8FE8-C29359DB100E}\ “ButtonText” = “BitComet Search” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS] HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS] HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS] HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS] HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS] HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 235 domain names to IP addresses, 234 of the IP addresses are *not* localhost! All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”] HTTP SSL, HTTPFilter, “C:\WINDOWS\System32\svchost.exe -k HTTPFilter” {“C:\WINDOWS\System32\w3ssl.dll” [MS]} iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Inc.”] Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Usługa administracyjna Menedżera dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”] Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]} Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\MsPMSNSv.dll” [MS]} Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\WMPNetwk.exe”” [MS] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 28 seconds, including 10 seconds for message boxes)

Gutek · 6 Wrzesień 2007 19:51

Użyj programu HostsXpert i ustaw domyślne ustawienia plikowi hosts.

Daj log z ComboFix

adamawa · 6 Wrzesień 2007 20:21

Proszę:

ComboFix 07-08-30.3 - “Adam” 2007-09-06 22:15:35.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.403 [GMT 2:00] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32_000883_.tmp.dll C:\WINDOWS\system32\drivers\svchost.exe ((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 ))))))))))))))))))))))))))))))) 2007-09-06 21:56 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-09-06 18:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-09-06 16:32 2007-09-06 15:04 2007-09-06 15:04 2007-09-06 14:55 2007-09-06 14:54 2007-09-06 14:54 2007-09-06 14:48 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-06 14:48 2007-09-06 14:47 2007-09-06 07:19 2007-09-05 23:24 2007-09-05 23:23 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-09-05 20:13 2007-09-05 19:56 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80661102}.dat 2007-09-05 19:56 288 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80661102}.dat 2007-09-05 19:53 545 --a------ C:\WINDOWS\UC.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\RAR.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\LHA.PIF 2007-09-05 19:53 545 --a------ C:\WINDOWS\ARJ.PIF 2007-09-05 19:51 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-09-05 19:49 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-09-05 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2007-09-05 19:49 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-09-05 19:49 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys 2007-09-05 19:49 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-09-05 19:49 10,624 --a–c— C:\WINDOWS\system32\dllcache\gameenum.sys 2007-09-05 19:49 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:47 2007-09-05 19:40 2007-09-05 19:40 2007-09-05 19:39 2007-09-05 19:38 2007-09-05 19:25 2007-09-05 19:23 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-09-05 19:23 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-09-05 19:14 2007-09-05 19:11 2007-09-05 19:07 2007-09-05 19:02 2007-09-05 19:00 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-09-05 19:00 2007-09-05 18:55 73,728 --a------ C:\WINDOWS\system32\CTDrmRes.dll 2007-09-05 18:55 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll 2007-09-05 18:55 54,784 --------- C:\WINDOWS\system32\Inetwh32.dll 2007-09-05 18:55 331,776 --------- C:\WINDOWS\system32\CTMedEng.dll 2007-09-05 18:55 28,672 --a------ C:\WINDOWS\system32\CTIntRes.dll 2007-09-05 18:55 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL 2007-09-05 18:55 163,840 --------- C:\WINDOWS\system32\CTDRMUI.dll 2007-09-05 18:55 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll 2007-09-05 18:55 2007-09-05 18:55 2007-09-05 18:54 15,840 --------- C:\WINDOWS\system32\drivers\PFMODNT.SYS 2007-09-05 18:54 2007-09-05 18:43 208,896 --a------ C:\WINDOWS\system32\nvuide.exe 2007-09-05 18:42 82,816 -ra------ C:\WINDOWS\system32\drivers\nvatabus.sys 2007-09-05 18:42 294,400 -ra------ C:\WINDOWS\system32\idecoi.dll 2007-09-05 18:40 2007-09-05 18:40 2007-09-05 18:40 2007-09-05 18:37 2007-09-05 18:28 2007-09-05 18:28 2007-09-05 18:28 2007-09-05 18:28 2007-09-05 18:28 2007-09-05 18:28 2007-09-05 18:27 2007-09-05 18:27 2007-09-05 18:27 2007-09-05 18:27 2007-09-05 18:23 2007-09-05 18:22 2007-09-05 18:21 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-05 19:28 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Windows Firewall”=“C:\WINDOWS\System32\drivers\svchost.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “Windows Firewall”=“C:\WINDOWS\System32\drivers\svchost.exe” [] C:\DOCUME~1\Adam\MENUST~1\Programy\AUTOST~1\ TrayIt!.lnk - E:\trayit\trayit!.exe [2007-04-12 16:45:03] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] E:\SBLive\PROGRAM\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7b0ce4a7-5bd6-11dc-8276-806d6172696f}] AutoRun\command- F:\setup.exe Contents of the ‘Scheduled Tasks’ folder 2007-09-05 17:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-06 22:17:06 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-06 22:17:43 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-09-06 22:17 — E O F —

Gutek · 6 Wrzesień 2007 20:25

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Pobierz program SDFix

adamawa · 6 Wrzesień 2007 20:37

Ciągle siedze w trybie awaryjnym …

SDFix: Version 1.102 Run by Adam on 2007-09-06 at 22:30 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Finished

Gutek · 6 Wrzesień 2007 20:46

No to jest Ok

adamawa · 6 Wrzesień 2007 20:53

Dzięki za pomoc, ale nestety nie jest Ok - problem pozostaje. Zauważyłem że przed zwiechą włacza sie w menedżerze zadan ciś ala: wmipriv.exe (nie musi być dokładnie, może mspriv…) … ? i po tym chyba załapało zwieche.

Gutek · 6 Wrzesień 2007 21:03

możesz przepisać dokładnie?

Skan AVG Anti-Spyware 7.5 po update + raport

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

adamawa · 7 Wrzesień 2007 13:32

Plik dokładnie sie nazywa: msprivs.exe

Optymalizacje Autostartu i czyszczenie rejestru zrobiłem EasyCleaner’em.

Raport:

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 15:32:22 2007-09-07 + Scan result: D:\INSTALKI\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken. C:\Documents and Settings\Adam\Cookies\adam@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken. C:\Documents and Settings\Adam\Cookies\adam@advertising[2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\Adam\Cookies\adam@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\Adam\Cookies\adam@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken. C:\Documents and Settings\Adam\Cookies\adam@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken. C:\Documents and Settings\Adam\Cookies\adam@com[1].txt -> TrackingCookie.Com : No action taken. C:\Documents and Settings\Adam\Cookies\adam@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Adam\Cookies\adam@searchportal.information[1].txt -> TrackingCookie.Information : No action taken. C:\Documents and Settings\Adam\Cookies\adam@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\Adam\Cookies\adam@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken. C:\Documents and Settings\Adam\Cookies\adam@revenue[2].txt -> TrackingCookie.Revenue : No action taken. C:\Documents and Settings\Adam\Cookies\adam@revsci[1].txt -> TrackingCookie.Revsci : No action taken. C:\Documents and Settings\Adam\Cookies\adam@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken. C:\Documents and Settings\Adam\Cookies\adam@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken. C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken. C:\Documents and Settings\Adam\Cookies\adam@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken. C:\Documents and Settings\Adam\Cookies\adam@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken. C:\Documents and Settings\Adam\Cookies\adam@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken. C:\Documents and Settings\Adam\Cookies\adam@zedo[2].txt -> TrackingCookie.Zedo : No action taken. E:\System Volume Information_restore{2D6F0D46-E853-4BE6-8301-F132DAEABA31}\RP264\A0076861.exe -> Trojan.LdPinch.bvy : No action taken. ::Report end

Gutek · 7 Wrzesień 2007 21:59

ściągacie cracki a później problem!

Wyłącz i włącz przywracanie systemu

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżkę

C:\WINDOWS\System32\msprivs.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

adamawa · 8 Wrzesień 2007 09:31

Watpie że to przez to, nie pamiętam kiedy go ostatnio odpalałem, a napewno nie po formacie.

Robie tak jak piszesz, i kiedy kończy sie odliczanie wyskakuje to:

Wydaje mi sie, że taki plik nie istnieje, ponieważ sam go chciałem usunąć i znalazłem tylko msprivs. dll , wiec mozę powinienem ten plik usunąć? Ale pojawiła sie jeszcze jedna opcja do zaznaczenia - unregtister dll before deleting… zaznaczać to?

EDIT: problem rozwiazany. Oczywiśćei zdarza sie, żę człowiek jest omylny - chodizło o inny plik - wmipriv*.exe, usunełęm go killbotem i po kłopocie. Dzięki za pomoc.

Gutek · 8 Wrzesień 2007 16:28

ale ściągnołeś.

Użyj Pocket Killbox w trybie awaryjnym