Wirus: Trojan.Win32.Patched

magdamr · 17 Wrzesień 2007 12:56

Mam problem zprzegladarką explorer Wiesza sie i wyskakuje błąd z plikiem iexplore.exe. Przeskanowałam te pliki antywirusem i nic nie wykazał. Za to na stronie http://virusscan.jotti.org/ w jednym wykryto wirus Trojan.Win32.Patched.w zlokalizowany: C:\WINDOWS$NtServicePackUninstall$

A ja nie wiem jak usunąć ten plik czy można ręcznie w trybie awaryjnym?

Wklejam logi może się przydadzą

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”] “Gadu-Gadu” = ““C:\z netu\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “Intense Registry Service” = “IntEdReg.exe /CHECK” [null data] “PD0620 STISvc” = “RunDLL32.exe P0620Pin.dll,RunDLL32EP 513” [MS] “FRISK FP-Scheduler” = “C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP” [“FRISK Software International”] “F-StopW” = “C:\Program Files\FSI\F-Prot\F-StopW.EXE” [“Frisk Software International”] “Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Notifier BHO” \InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”] {C08DF07A-3E49-4E25-9AB0-D3882835F153}(Default) = (no title provided) -> {HKLM…CLSID} = “QUICKfind BHO Object” \InProcServer32(Default) = “C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.65 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.65 DragDrop Shell Extension” -> {HKLM…CLSID} = “WinAceDrag-Drop Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.65 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.65 Property Sheet Shell Extension” -> {HKLM…CLSID} = “WinAceProperty Sheet Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{1474F601-9B4B-4EB0-81FA-20F753C0E1A4}” = “FRISK extension” -> {HKLM…CLSID} = “FRISK Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\FSI\F-Prot\shexthk.dll” [empty string] “{E443A8D5-D905-4401-8789-16AE23A8A96D}” = “FRISK extension” -> {HKLM…CLSID} = “FRISKLinkExt Class” \InProcServer32(Default) = “C:\Program Files\FSI\F-Prot\shexthk.dll” [empty string] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FRISK(Default) = “{1474F601-9B4B-4EB0-81FA-20F753C0E1A4}” -> {HKLM…CLSID} = “FRISK Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\FSI\F-Prot\shexthk.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “C:\Program Files\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Teresa1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Teresa1” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “LUMIX Simple Viewer” -> shortcut to: “C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe” [“Matsushita Electric Industrial Co., Ltd.”] “Microsoft Office” -> shortcut to: “C:\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “FRU Task #Hewlett-Packard#Deskjet#3420” -> launches: "C:\Program Files\Hewlett-Packard\upapp\hpqfruv.exe -I “#Hewlett-Packard#Deskjet#3420"” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] F-Prot Antivirus Update Monitor, F-Prot Antivirus Update Monitor, ““C:\Program Files\FSI\F-Prot\fpavupdm.exe”” [“FRISK Software”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC, UserAccess, “C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe” [null data] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt07\Driver = “hpzsnt07.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 64 seconds, including 5 seconds for message boxes)

Logfile of HijackThis v1.99.1 Scan saved at 14:51:26, on 2007-09-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\FSI\F-Prot\F-Sched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\z netu\Gadu-Gadu\gg.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\FSI\F-Prot\fpavupdm.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\FSI\F-Prot\F-StopW.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Teresa1\Moje dokumenty\hj\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Intense Registry Service] IntEdReg.exe /CHECK O4 - HKLM…\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM…\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM…\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\z netu\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Office\OSA9.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1D51AD25-AC85-45A3-96CC-DA49C3536D9F} (SearchEngineControl Class) - file://D:\sn\search\SearchEngine.dll O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapa.lodz.pl/VIEWERS/mgaxctrl.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

Dziękuje za pomoc

jessica · 17 Wrzesień 2007 13:39

Sfiksuj to:

>>Hijack>>scan(Do a system scan only)>>zaznacz go >> Fix checked.

To jest właśnie, to, co masz.

Zastanawiam się, czy “VIRUSTOTAL” nie popełnił pomyłki.

Czy Service Pack miałaś instalowany z pewnego źródła?

jessi

magdamr · 17 Wrzesień 2007 14:27

Wykasowałam ten wpis

Service Pack dostałam od jakiegoś znajomego i nie wiem czy dobry. Czyli moge to wykasować jesli nie bede go odinstalowywać

A co ztym wirusem jest czy go nie ma? Czy sobie to darować i kozystać zopery? Czy wszystko jest ok?

jessica · 17 Wrzesień 2007 20:42

Nie rozumiem: z jakim wirusem? Przecież piszesz, że ten plik został usunięty.

jessi

magdamr · 17 Wrzesień 2007 21:14

przepraszam za nie zrozumienie

Ale wykasowałam ten wpis co mówiłaś czyli: O16 - DPF: {1D51AD25-AC85-45A3-96CC-DA49C3536D9F} (SearchEngineControl Class) - file://D:\sn\search\SearchEngine.dll

ale z tym iexplore nic nie zrobiłam i tam nadal jest ten Trojan.Win32.Patched.w

Złączono Posta : 17.09.2007 (Pon) 23:23

to skoro wirustolar mógł popełnić błąd i nie ma wirusa. To jaka może być przyczyna zawiesznia się internetu i zamykania go po wystąpieniu błędu zaplikacja iexplore.exe. ?Występuje to po kilku minutach pracy a przy skrzynce na o2 odrazu po zalogowaniu.

jessica · 17 Wrzesień 2007 21:25

Wg mnie: nie ma żadnego Trojana. Jeśli na kilkanaście Antivirusów wykrywa Trojana tylko jeden, to wygląda to na jego pomyłkę.

Ale jak chcesz, to przecież możesz to usunąć (przez prawoklik i usuń).

EDIT:

Możesz też, dla większej pewności użyć -->SDFix

Uwaga: Da się go uruchomić tylko w Trybie Awaryjnym.

Pokaż Report.txt znajdujący się w folderze SDFix.

jessi

magdamr · 18 Wrzesień 2007 08:10

Dzięki ale ja już usunełam to zprawokliku wiec nie moge zrobic tego co napisałaś. Oczywiscie to nic nie pomogło i intrnet mi nie działa prawidłowo. Wiec musze kożystać z opery. Może dlatego że dowiedziałam się że nie mam orginalnego windowsa. A kupowałam komp w sklepie normalnym(dostałam na prezent). Dopiero po kilku latach to zauważyłam arczej internet explorer mi to uświadomił bo nie mógł się aktualizować. Może to jest wszystkiego przyczyna?

jessica · 18 Wrzesień 2007 08:53

Nie sądzę, by to była przyczyna.

jessi

system · 18 Wrzesień 2007 09:39

Sprawdź czy masz plik kbdb32.dll w lokalizacji C:\WINDOWS\Inf\kbdb32.dll

Folder Inf jest ukrytym folderem systemowym, więc

Eksplorator Windows >>> Narzędzia >>> Opcje folderów >>> Widok -> zaznacz Pokaż ukryte pliki systemowe i odznacz Ukryj chronione pliki systemu operacyjnego >>> Zastosuj >>> OK

magdamr · 18 Wrzesień 2007 18:10

Niestety nie mma takiego pliku:( Czy to bardzo żle

Załuważyłam ponadto że od pewnego czasu wolniej zamyka i się komputer. Dopiero po któryms z koleji(3) dociera cos do niego zamyka windows.

Gutek · 18 Wrzesień 2007 21:00

Skan AVG Anti-Spyware 7.5 po update + raport

magdamr · 19 Wrzesień 2007 09:18

Oto raport :

_________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

Name: TrackingCookie.Yieldmanager

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@ad.yieldmanager[1].txt

Risk: Medium

Name: TrackingCookie.Adbrite

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@adbrite[2].txt

Risk: Medium

Name: TrackingCookie.Adrevolver

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@adrevolver[3].txt

Risk: Medium

Name: TrackingCookie.Adbrite

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@ads.adbrite[1].txt

Risk: Medium

Name: TrackingCookie.Adrevolver

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@media.adrevolver[1].txt

Risk: Medium

Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@ssl-hints.netflame[1].txt

Risk: Medium

Name: TrackingCookie.Statcounter

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@statcounter[2].txt

Risk: Medium

Name: TrackingCookie.Tacoda

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@tacoda[2].txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@tradedoubler[1].txt

Risk: Medium

Name: TrackingCookie.Tribalfusion

Path: C:\Documents and Settings\Teresa1\Cookies\teresa1@tribalfusion[1].txt

Risk: Medium

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\Darek\Cookies\darek@2o7[1].txt

Risk: Medium

Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\Darek\Cookies\darek@atdmt[2].txt

Risk: Medium

Name: TrackingCookie.Doubleclick

Path: C:\Documents and Settings\Darek\Cookies\darek@doubleclick[2].txt

Risk: Medium

Name: TrackingCookie.Ru4

Path: C:\Documents and Settings\Darek\Cookies\darek@edge.ru4[2].txt

Risk: Medium

Name: TrackingCookie.Ivwbox

Path: C:\Documents and Settings\Darek\Cookies\darek@ivwbox[2].txt

Risk: Medium

Name: TrackingCookie.Webtrends

Path: C:\Documents and Settings\Darek\Cookies\darek@m.webtrends[1].txt

Risk: Medium

Name: TrackingCookie.Mediaplex

Path: C:\Documents and Settings\Darek\Cookies\darek@mediaplex[1].txt

Risk: Medium

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\Darek\Cookies\darek@msnportal.112.2o7[1].txt

Risk: Medium

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\Darek\Cookies\darek@msnportalbeetoffice2007.112.2o7[1].txt

Risk: Medium

Name: TrackingCookie.Questionmarket

Path: C:\Documents and Settings\Darek\Cookies\darek@questionmarket[2].txt

Risk: Medium

Name: TrackingCookie.Msn

Path: C:\Documents and Settings\Darek\Cookies\darek@search.msn[2].txt

Risk: Medium

Name: TrackingCookie.Skype

Path: C:\Documents and Settings\Darek\Cookies\darek@skype[1].txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: C:\Documents and Settings\Darek\Cookies\darek@tradedoubler[2].txt

Risk: Medium

Name: Adware.BHO

Path: C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll

Risk: Medium

Złączono Posta : 19.09.2007 (Sro) 11:18

i co teraz? czy wszystko jest ok?

jessica · 19 Wrzesień 2007 10:04

Wg mnie - jest OK.

Obiekty wykryte przez AVG to tylko “Media” - nic groźnego.

jessi

magdamr · 20 Wrzesień 2007 09:41

Dzięki wszystkim. Internet nadal sie zamyka choć nie zawsze. Przyzwyczajiłam się już. Najważniejsze że nie ma żadnych wiruców i plewów i to mnie cieczy. Pozdrawiam