Disappearing taskbar + Windows Explorer errors

I turned on the computer and on the taskbar with the running programs, next to the clock, a white cross on a red background appeared with the message "your computer is infected". Now every few minutes my taskbar disappears and the desktop refreshes. On top of that, Internet Explorer errors pop up. Please help:

Logfile of HijackThis v1.99.1
Scan saved at 19:59:37, on 2005-10-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\windows\system32\mdms.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Steam\Steam.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\teamspeak2_RC2\TeamSpeak.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\explorer.exe
D:\Program Files\eMule\Incoming\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [Steam] C:\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

After I delete it, the last entry reappears when I rescan.

Replies: 6

Get rid of these too:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SysMemory manager" = "d:\windows\system32\mdms.exe" [file not found]
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "st"
-> {CLSID}\InProcServer32\(Default) = "D:\windows\system32\winacpi.dll" [file not found]


The winacpi.dll library gets deleted from the disk, and you replace the wininet.dll file once more, but only after all of that.
Bobi
Added
08.10.2005 13:05:56
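As an added illustration (not code from this thread or from Silent Runners), a small Python check that parses Run/RunOnce values in the Silent Runners format quoted above and flags exactly the kind of entries Bobi points at: values tagged [null data] or [file not found]. The sample lines are constructed in that format, and the pattern and function names are my own.

```python
import re

# Constructed sample lines in the Silent Runners format quoted in this thread
# (a handful of values only, not the poster's full log).
SAMPLE_LOG = r'''HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = "C:\Steam\Steam.exe -silent" ["Valve Corporation"]
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SysMemory manager" = "d:\windows\system32\mdms.exe" [file not found]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS]
'''

# Key header: HKLM\...\Run\ {++}  ({++} means every value under the key is listed)
KEY_RE = re.compile(r'^(HK\w+\\.*\\(?:Run|RunOnce)\\) \{\+\+\}$')
# Value line: "Name" = "command" [publisher | MS | null data | file not found]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)" = "(?P<cmd>.*)" \[(?P<tag>[^\]]*)\]$')
# Tags Silent Runners uses when it cannot vouch for the binary behind a value.
REASONS = {"null data": "no version/publisher information in the file",
           "file not found": "autostart points at a path that no longer exists"}


def parse_run_entries(log_text):
    """Return one dict per Run/RunOnce value, remembering the key it sits under."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key is not None:
            record = entry_match.groupdict()
            record["key"] = current_key
            entries.append(record)
    return entries


def triage(log_text):
    """Keep only values whose binary Silent Runners could not verify or locate."""
    return [{**entry, "reason": REASONS[entry["tag"]]}
            for entry in parse_run_entries(log_text) if entry["tag"] in REASONS]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["key"]}{hit["name"]} -> {hit["cmd"]} ({hit["reason"]})')
```

Run it against a real Silent Runners log (read the file into `triage`) to get the same two-line shortlist Bobi derived by hand; signed vendor entries such as Steam or the HP tools are left out.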
I removed Respamo with Norton AntiVirus 2003; I'll also try searching manually in case it left something behind.

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = "C:\Steam\Steam.exe -silent" ["Valve Corporation"]
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"HP Software Update" = ""D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"NeroCheck" = "D:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SysMemory manager" = "d:\windows\system32\mdms.exe" [file not found]
"Symantec NetDriver Monitor" = "D:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS]
"ccApp" = ""D:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ms_anti_spywarebxp" = "D:\WINDOWS\mwfirebpx.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "bho2gr Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "st"
-> {CLSID}\InProcServer32\(Default) = "D:\windows\system32\winacpi.dll" [file not found]

I don't have oleext32.dll

and under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager I did not find a PendingFileRenameOperations value (here is a screenshot of that key's values: http://www.kalisz.mm.pl/~clanwbr/screen.JPG)
J4roPL
Added
05.10.2005 07:44:57
Did you get rid of Repsamo completely? That is, deleting the registry keys + removing winacpi.dll
Also search the disk for the file oleext32.dll
Download the Silent Runners script and post its log.
Go to the key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager and please tell me what data the PendingFileRenameOperations value holds.

P.S. Is this yours?
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

If not, get rid of this service.
Bobi
Added
05.10.2005 00:09:44
I downloaded the wininet.dll file from www.dll-files.com and swapped it for the one in system32. It didn't help. :(
J4roPL
Added
04.10.2005 23:46:34
There is no wversion.dll file.

After entering the above in Safe Mode, this appears:

Nie moźna otworzyć pliku wyjściowego: d:\windows\system32\wininet.dll
J4roPL
Added
04.10.2005 08:51:21
J4roPL
Added:
03.10.2005 22:09:10