YOUR SYSTEM IS INFECTED
Witam
Taki komunikat pojawia mi sie na pulpicie. A wszystko za sprawa choerstwa spysheriff, który mi sie niestety samoczynnie zainstalowal. Chyba udalo mi sie to usunac, ale system i tak jest zainfekowany. Skanowanie Panda online wykrylo jeszce kilka wirusów i programów szpiegowskich. Najgorsze w tym wszystkim jest to, ze wszystkie moje programy nie dzialaja. W zasadzie nic nie moge uruchomic, zmienic ustawien Windowsa itp. No i co ja mam poczac?
Czy musze przeinstalowac system?
Pomocy!
Taki komunikat pojawia mi sie na pulpicie. A wszystko za sprawa choerstwa spysheriff, który mi sie niestety samoczynnie zainstalowal. Chyba udalo mi sie to usunac, ale system i tak jest zainfekowany. Skanowanie Panda online wykrylo jeszce kilka wirusów i programów szpiegowskich. Najgorsze w tym wszystkim jest to, ze wszystkie moje programy nie dzialaja. W zasadzie nic nie moge uruchomic, zmienic ustawien Windowsa itp. No i co ja mam poczac?
Czy musze przeinstalowac system?
Pomocy!
Odpowiedzi: 5
no dobra jestem niewiastą...czym jest fix?
Wyłacz przywracanie systemu
Przygotuj fixa, otórz notatnik i wklej do niego:
Zapisz z rozszerzeniem reg.
Uruchom system w trybie awaryjnym, zaznacz poniźesz wpisy i kliknij fix
Wyboldowane pliki/katalogi usuń recznie z dysku.
Skasuj równiez z dysku plik winacpi.dll
Pozniej mozesz dodać wczesniej zrobionego fixa.
Przygotuj fixa, otórz notatnik i wklej do niego:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysMemory manager"=–
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5E2121EE–0300–11D4–8D3B–444553540000}"=–
[–HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\sysacpildap]
Zapisz z rozszerzeniem reg.
Uruchom system w trybie awaryjnym, zaznacz poniźesz wpisy i kliknij fix
Wyboldowane pliki/katalogi usuń recznie z dysku.
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet Explorer\shttps\http.exe
O4 – HKLM\..\Run: [svchost] c:\Program Files\Internet Explorer\shttps\svchost.exe
O4 – HKLM\..\Run: [CPU Watcher] rundll32.exe C:\WINDOWS\cpu.dll,load
09 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 – SSODL: SysTray.Excn – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\aeiomjbg.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\dhopjllj.dll (file missing)
O21 – SSODL: Internet Explorer – {F28A40D7–AD0E–034A–C651–5F0ED76232E6} – C:\WINDOWS\System32\Pfhfcf32.dll (file missing)
Skasuj równiez z dysku plik winacpi.dll
Pozniej mozesz dodać wczesniej zrobionego fixa.
Logfile of HijackThis v1.99.1
Scan saved at 21:09:52, on 2005–08–15
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 – HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 – HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 – HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet Explorer\shttps\http.exe
O4 – HKLM\..\Run: [svchost] c:\Program Files\Internet Explorer\shttps\svchost.exe
O4 – HKLM\..\Run: [CPU Watcher] rundll32.exe C:\WINDOWS\cpu.dll,load
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: BTTray.lnk = ?
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Send To &Bluetooth – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: @btrez.dll,–4015 – {CCA281CA–C863–46ef–9331–5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra 'Tools' menuitem: @btrez.dll,–4017 – {CCA281CA–C863–46ef–9331–5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106614729180
O16 – DPF: {64D9B72C–E42A–490E–9181–221E1E035A14} (GDL Control) – http://www.graphisoft.com/ftp/gdl/webcontrol/GDLCtl.2.0.1.299.cab
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday Control) – file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AE563720–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 – DPF: {C6637286–300D–11D4–AE0A–0010830243BD} (InstaFred) – file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 – DPF: {E06E2E99–0AA1–11D4–ABA6–0060082AA75C} (GpcContainer Class) – https://graphisoft.webex.com/client/v_mywebex–t20/webex/ieatgpc.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 – Winlogon Notify: Sebring – C:\WINDOWS\System32\LgNotify.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 – SSODL: SysTray.Excn – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\aeiomjbg.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\dhopjllj.dll (file missing)
O21 – SSODL: Internet Explorer – {F28A40D7–AD0E–034A–C651–5F0ED76232E6} – C:\WINDOWS\System32\Pfhfcf32.dll (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Bluetooth Service (btwdins) – WIDCOMM, Inc. – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 – Service: RegSrvc – Intel Corporation – C:\WINDOWS\System32\RegSrvc.exe
O23 – Service: Spectrum24 Event Monitor (S24EventMonitor) – Intel Corporation – C:\WINDOWS\System32\S24EvMon.exe
I co z tym teraz zrobić?
Scan saved at 21:09:52, on 2005–08–15
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 – HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 – HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 – HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet Explorer\shttps\http.exe
O4 – HKLM\..\Run: [svchost] c:\Program Files\Internet Explorer\shttps\svchost.exe
O4 – HKLM\..\Run: [CPU Watcher] rundll32.exe C:\WINDOWS\cpu.dll,load
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: BTTray.lnk = ?
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Send To &Bluetooth – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: @btrez.dll,–4015 – {CCA281CA–C863–46ef–9331–5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra 'Tools' menuitem: @btrez.dll,–4017 – {CCA281CA–C863–46ef–9331–5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106614729180
O16 – DPF: {64D9B72C–E42A–490E–9181–221E1E035A14} (GDL Control) – http://www.graphisoft.com/ftp/gdl/webcontrol/GDLCtl.2.0.1.299.cab
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday Control) – file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AE563720–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 – DPF: {C6637286–300D–11D4–AE0A–0010830243BD} (InstaFred) – file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 – DPF: {E06E2E99–0AA1–11D4–ABA6–0060082AA75C} (GpcContainer Class) – https://graphisoft.webex.com/client/v_mywebex–t20/webex/ieatgpc.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 – Winlogon Notify: Sebring – C:\WINDOWS\System32\LgNotify.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 – SSODL: SysTray.Excn – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\aeiomjbg.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\dhopjllj.dll (file missing)
O21 – SSODL: Internet Explorer – {F28A40D7–AD0E–034A–C651–5F0ED76232E6} – C:\WINDOWS\System32\Pfhfcf32.dll (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Bluetooth Service (btwdins) – WIDCOMM, Inc. – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 – Service: RegSrvc – Intel Corporation – C:\WINDOWS\System32\RegSrvc.exe
O23 – Service: Spectrum24 Event Monitor (S24EventMonitor) – Intel Corporation – C:\WINDOWS\System32\S24EvMon.exe
I co z tym teraz zrobić?
O Spysheriff było juź kilka tematów na forum.
Sciagnij HijackThis, wygeneruj log i albo wklej go w tym temacie do sprawdzenia albo jak masz o tym jakies pojęcie skorzystaj z automatu linkowanego w przyklejonym temacie.
Sciagnij HijackThis, wygeneruj log i albo wklej go w tym temacie do sprawdzenia albo jak masz o tym jakies pojęcie skorzystaj z automatu linkowanego w przyklejonym temacie.
Skorzystaj z funkcji Przywracanie systemu (%systemroot%\system32\restore\rstrui.exe), cofając system do stanu sprzed instalacji programu.