Witam.Mam problem typu Trojan-system Vista.Mianowicie wykrylo mi trojana lecz bylo juz za pozno…po uruchomieniu sie systemu wyskakuje informacja typu Windows explorer has stoped a nastepnie Windows explorer is restarted.I tak non stop co 5sek,Zainstalowalem program SpyDoctor ktory (mam nadzieje) usuna tego robaka lecz explorer dalej swoje Internet dziala…Prosze o pomoc i rade…
Wybaczcie robie to pierwszy raz.Za chwile poprawie…
Złączono Posta : 07.05.2007 (Pon) 20:26
Logfile of HijackThis v1.99.1 Scan saved at 19:26:20, on 08/05/2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Windows\system32\Taskmgr.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Windows\System32\rundll32.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\Windows\Explorer.exe C:\Users\Jedrek\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe” O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM…\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM…\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM…\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe” O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll” O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [spyLocked 3.6] “C:\Program Files\SpyLocked 3.6\SpyLocked 3.6.exe” /h O4 - HKLM…\Run: [MalwareWiped 6.1] “C:\Program Files\MW\MalwareWiped 6.1\MalwareWiped 6.1.exe” /h O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKLM…\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKLM…\RunOnce: [isDeleteMe] “C:\Windows\system32\cmd.exe” /c “C:\Users\Jedrek\AppData\Local\Temp\isDel.bat” O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Złączono Posta : 07.05.2007 (Pon) 20:31
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows Vista RC1 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Sidebar” = “C:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS] “WindowsWelcomeCenter” = “rundll32.exe oobefldr.dll,ShowWelcomeCenter” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Windows Defender” = “C:\Program Files\Windows Defender\MSASCui.exe -hide” “NvSvc” = “RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit” [MS] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “QPService” = ““C:\Program Files\HP\QuickPlay\QPService.exe”” [“CyberLink Corp.”] “HP Software Update” = “C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “NapsterShell” = “C:\Program Files\Napster\napster.exe /systray” [file not found] “QlbCtrl” = “C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start” “HP Health Check Scheduler” = “C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [null data] “WAWifiMessage” = “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” “hpWirelessAssistant” = “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “Symantec PIF AlertEng” = ““C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”” [“Symantec Corporation”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “SpyLocked 3.6” = ““C:\Program Files\SpyLocked 3.6\SpyLocked 3.6.exe” /h” [file not found] “MalwareWiped 6.1” = ““C:\Program Files\MW\MalwareWiped 6.1\MalwareWiped 6.1.exe” /h” [file not found] “SDTray” = ““C:\Program Files\Spyware Doctor\SDTrayApp.exe”” [“PC Tools”] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} “Launcher” = “C:\Windows\SMINST\launcher.exe” “isDeleteMe” = ““C:\Windows\system32\cmd.exe” /c “C:\Users\Jedrek\AppData\Local\Temp\isDel.bat”” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{E7DE9B1A-7533-4556-9484-B26FB486475E}” = (no title provided) -> {HKLM…CLSID} = “Network Map” \InProcServer32(Default) = “C:\Windows\system32\shdocvw.dll” [MS] “{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}” = “IGD Property Sheet Handler” -> {HKLM…CLSID} = “IGD Property Page” \InProcServer32(Default) = “C:\Windows\System32\icsigd.dll” [MS] “{8856f961-340a-11d0-a96b-00c04fd705a2}” = “Microsoft Web Browser” -> {HKLM…CLSID} = “Microsoft Web Browser” \InProcServer32(Default) = “C:\Windows\system32\ieframe.dll” [MS] “{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}” = “MSHTML Document” -> {HKLM…CLSID} = “MHTML Document” \InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS] “{25336920-03f9-11cf-8fd0-00aa00686f13}” = “HTML Document” -> {HKLM…CLSID} = “HTML Document” \InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS] “{74246bfc-4c96-11d0-abef-0020af6b0b7a}” = “Device Manager” -> {HKLM…CLSID} = “Device Manager” \InProcServer32(Default) = “C:\Windows\System32\devmgr.dll” [MS] “{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}” = “MyDocuments menu and properties” -> {HKLM…CLSID} = “MyDocuments menu and properties” \InProcServer32(Default) = “C:\Windows\system32\mydocs.dll” [MS] “{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}” = “Common Places Folder” -> {HKLM…CLSID} = “Common Places FS Folder” \InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS] “{865e5e76-ad83-4dca-a109-50dc2113ce9a}” = “Programs Folder and Fast Items” -> {HKLM…CLSID} = “Programs Folder and Fast Items” \InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS] “{21ec2020-3aea-1069-a2dd-08002b30309d}” = “Control Panel” -> {HKLM…CLSID} = “Control Panel” \InProcServer32(Default) = “shell32.dll” [MS] “{25585dc7-4da0-438d-ad04-e42c8d2d64b9}” = “Client application shell extension” -> {HKLM…CLSID} = “Client application shell extension” \InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS] “{4d5c8c2a-d075-11d0-b416-00c04fb90376}” = “Microsoft CommBand” -> {HKLM…CLSID} = “Microsoft CommBand” \InProcServer32(Default) = “C:\Windows\system32\browseui.dll” [MS] “{92337A8C-E11D-11D0-BE48-00C04FC30DF6}” = “OlePrn.PrinterURL” -> {HKLM…CLSID} = “prturl Class” \InProcServer32(Default) = “C:\Windows\system32\oleprn.dll” [MS] “{16C2C29D-0E5F-45f3-A445-03E03F587B7D}” = “group_wab_auto_file” -> {HKLM…CLSID} = “.group shell context menu” \InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS] “{CF67796C-F57F-45F8-92FB-AD698826C602}” = “contact_wab_auto_file” -> {HKLM…CLSID} = “.contact shell context menu” \InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS] “{90b9bce2-b6db-4fd3-8451-35917ea1081b}” = “Search Execute Command” -> {HKLM…CLSID} = “CLSID_SearchExecute” \InProcServer32(Default) = “ExplorerFrame.dll” [MS] “{1a184871-359e-4f67-aad9-5b9905d62232}” = “Microsoft Windows Font File Context Menu Handler” -> {HKLM…CLSID} = “Microsoft Windows Font Context Menu Handler” \InProcServer32(Default) = “fontext.dll” [MS] “{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}” = “Microsoft Windows Font Previewer” -> {HKLM…CLSID} = “Microsoft Windows Font Preview Handler” \InProcServer32(Default) = “fontext.dll” [MS] “{BC65FB43-1958-4349-971A-210290480130}” = “Network Explorer Property Sheet Handler” -> {HKLM…CLSID} = “Ncd Property Page” \InProcServer32(Default) = “C:\Windows\System32\NcdProp.dll” [MS] “{0a4286ea-e355-44fb-8086-af3df7645bd9}” = “Windows Media Player” -> {HKLM…CLSID} = “&Windows Media Player” \InProcServer32(Default) = “C:\PROGRA~1\WI4EB4~1\wmpband.dll” [MS] “{BB6B2374-3D79-41DB-87F4-896C91846510}” = “EMDFileProperties” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “emdmgmt.dll” [MS] “{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}” = “Sync Center Simple Conflict Presenter” -> {HKLM…CLSID} = “Simple Conflict Presenter” \InProcServer32(Default) = “C:\Windows\System32\SyncCenter.dll” [MS] “{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}” = (no title provided) -> {HKLM…CLSID} = “Windows Anytime Upgrade” \InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS] “{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}” = “PhotoAcqDropTarget” -> {HKLM…CLSID} = “PhotoAcqDropTarget” \InProcServer32(Default) = “C:\Program Files\Windows Photo Gallery\PhotoAcq.dll” [MS] “{91ADC906-6722-4B05-A12B-471ADDCCE132}” = “Touch Band” -> {HKLM…CLSID} = “Touch Pointer” \InProcServer32(Default) = “C:\Windows\System32\TouchX.dll” [MS] “{7D4734E6-047E-41e2-AEAA-E763B4739DC4}” = “Windows Media Player Play as Playlist Context Menu Handler” -> {HKLM…CLSID} = “WMP Play Folder As Playlist Launcher” \InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS] “{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}” = “GameUX.RichGameMediaThumbnail” -> {HKLM…CLSID} = “RichGameMediaThumbnail Class” \InProcServer32(Default) = “C:\Windows\System32\gameux.dll” [MS] “{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}” = “Tablet PC Input Panel” -> {HKLM…CLSID} = “Tablet PC Input Panel” \InProcServer32(Default) = “C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll” [MS] “{6b9228da-9c15-419e-856c-19e768a13bdc}” = “Windows gadget DropTarget” -> {HKLM…CLSID} = “Windows gadget DropTarget” \InProcServer32(Default) = “C:\Program Files\Windows Sidebar\sbdrop.dll” [MS] “{8A734961-C4AA-4741-AC1E-791ACEBF5B39}” = “Windows Media Player Shop Music Context Menu Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{7F67036B-66F1-411A-AD85-759FB9C5B0DB}” = “ShellViewRTF” -> {HKLM…CLSID} = “ShellViewRTF” \InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> “{da3b49f6-8c54-4429-a275-21a86dcca413}” = “admissibility” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Windows\system32\xuoce.dll” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “ConsentPromptBehaviorAdmin” = (REG_DWORD) hex:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} “ConsentPromptBehaviorUser” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} “EnableInstallerDetection” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} “EnableLUA” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} “EnableSecureUIAPaths” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} “EnableVirtualization” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} “PromptOnSecureDesktop” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Conrol: Switch to the secure desktop when prompting for elevation} “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “FilterAdministratorToken” = (REG_DWORD) hex:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Windows\web\wallpaper\CompaqFlow.jpg” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\windows\web\wallpaper\CompaqFlow.jpg” DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- D:\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:$RECYCLE.BIN\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\boot\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\HP\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\preload\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\SOURCES\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\Tools\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] D:\WINDOWS\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\Windows\System32\ShellvRTF.dll” [“XSS”] Startup items in “Jedrek” & “All Users” startup folders: -------------------------------------------------------- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS] 000000000005\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS] 000000000006\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 18 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.6.0” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0\bin\ssv.dll” [“Sun Microsystems, Inc.”] HOSTS file ---------- C:\Windows\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ““C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”] CNG Key Isolation, KeyIso, “C:\Windows\system32\lsass.exe” [MS] Computer Browser, Browser, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\browser.dll” [MS]} Extensible Authentication Protocol, EapHost, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\eapsvc.dll” [MS]} HP Health Check Service, HP Health Check Service, ““C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe”” [null data] hpqwmiex, hpqwmiex, “C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe” [“Hewlett-Packard Development Company, L.P.”] IP Helper, iphlpsvc, “C:\Windows\System32\svchost.exe -k NetSvcs” {(missing data)} LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ““c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [file not found] Network Store Interface Service, nsi, “C:\Windows\system32\svchost.exe -k LocalService” {(missing data)} Spyware Doctor Auxiliary Service, sdAuxService, “C:\Program Files\Spyware Doctor\svcntaux.exe” [“PC Tools”] Spyware Doctor Service, sdCoreService, “C:\Program Files\Spyware Doctor\swdsvc.exe” [“PC Tools”] Symantec Lic NetConnect service, CLTNetCnService, ““c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [file not found] TCP/IP NetBIOS Helper, lmhosts, “C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)} Windows Driver Foundation - User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]} Windows Event Log, Eventlog, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)} Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]} WLAN AutoConfig, Wlansvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\wlansvc.dll” [MS]} XAudioService, XAudioService, “C:\Windows\system32\DRIVERS\xaudio.exe” [“Conexant Systems, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 52 seconds. ---------- (total run time: 111 seconds)
Joan
(Joan Sunshine)
7 Maj 2007 19:36
#5
usun foldery z dysku w trybie awaryjnym, wpisy zafixuj w hijacku
Daj nowe logi
Skan AVG AntySpyware 7.5 po update, wklej raport.
Przenoszę do Bezpieczeństwa. OT > KOSZ.
Niewiem moze robie cos zle…Po pierwsze nie widac takiego folderu jak SpyLocked a po drugie nawet w trybie Safe Mode jest to samo:pracuje normalnie 5sek i pulpit znika i od nowa Czekam na wskazowki :oops:
Złączono Posta : 07.05.2007 (Pon) 22:53
Udalo sie.To sa nowe logi po usunieciu tamtych folderow…
Złączono Posta : 07.05.2007 (Pon) 22:54
[quote]Logfile of HijackThis v1.99.1
Scan saved at 21:53:17, on 08/05/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\Explorer.exe
C:\Users\Jedrek\AppData\Local\Temp\Temp1_hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe[/quote]
Złączono Posta : 07.05.2007 (Pon) 23:26
No i znowu leze>Chwilw bylo dobrze i znowu to sam o…
Gutek
(Gutek)
7 Maj 2007 22:38
#7
ComboFix nie odpala sie ani z tego linka ani po zapisaniu na dysku.Nie moge takze odpalic AVg AntySpyware poniewaz cos blokuje mi do niego dostemp i krzyczy '‘The application failed to initialize propely (0x000142).Click OK to terminate the program’'a nastepnie Avg antySpyware has stopped working…
Złączono Posta : 08.05.2007 (Wto) 18:08
Dodam że mam laptop firmy COMPAQ, niemam Visty na cd i dostepu do WinExplorera.Czy da się to naprawić czy czeka mnie format którego poprostu nie lubie.?.
Złączono Posta : 08.05.2007 (Wto) 20:14
Czy ktoś jest w stanie rozwiazać ten problem??Plisssss… :roll: