CentrumXP Forum Tematyka portalu CentrumXP.pl Windows XP Neostrada cały czas mi wysyła –prosze o pomoc.

Neostrada cały czas mi wysyła –prosze o pomoc.

Cały czas cos mi wysyła i odbiera z netu.Jakis program mcafee32. Podaje scan HijackThis. Co wykasować.

Logfile of HijackThis v1.97.7
Scan saved at 22:21:11, on 2005–02–25
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32CTHELPER.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesAVERTV2KQuickTV.exe
C:Program FilesLogitechMouseWaresystemem_exec.exe
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSSystem32mcafee32.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesOperaOpera.exe
C:Program Files otalcmdTOTALCMD.EXE
D:Uzytkiapora KerioHijackHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F0 – system.ini: Shell=Explorer.exe mcafee32.exe
F2 – REG:system.ini: Shell=Explorer.exe mcafee32.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBAudigyPROGRAMADGJDet.exe
O4 – HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – Global Startup: QuickTV.lnk = C:Program FilesAVERTV2KQuickTV.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109356037187
O17 – HKLMSystemCCSServicesTcpip..{B2866A4F–52D4–4DE6–A2FD–D1B125A149E7}: NameServer = 194.204.152.34 217.98.63.164

Dziekuje za pomoc.

Odpowiedzi: 1

Wylacz przywracanie systemu

Zakoncz proces i usun plik:
mcafee32.exe

FIX:

F0 – system.ini: Shell=Explorer.exe mcafee32.exe
F2 – REG:system.ini: Shell=Explorer.exe mcafee32.exe

Przeszukaj rejestr i usun wszystko co w nazwie bedzie miało mcafee32.exe
Poszukaj rowniez navprotect.exe

Bobi

Dodano: 26.02.2005 00:13:26

wodzu-4 31.08.2006 15:07:06

Witam Mam od kilku dni ten sam problem ale mimo zasatosowaniu róznego typu rad ciągle nie mogę sobie poradzić. Neostrada cały czas mi coś wysyła i przezto mam strasznie mały transfer.Moze to coś pomoże w zbadaniu co jest nie tak: Logfile of HijackThis v1.99.1 Scan saved at 12:22:57, on 2006-08-31 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\devldr32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\wodzu\Pulpit\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O15 - Trusted Zone: <a href="http://click.getmirar.com/">http://click.getmirar.com</a> (HKLM) O15 - Trusted Zone: <a href="http://click.mirarsearch.com/">http://click.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://redirect.mirarsearch.com/">http://redirect.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://www.mirarsearch.com/">http://www.mirarsearch.com</a> (HKLM) O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-611111193457} - <a>file://c:\ex.cab</a> O16 - DPF: {33331111-1111-1111-1111-611111193458} - <a>file://c:\ex.cab</a> O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1111-1111-1111-622221193458} - <a>file://c:\ex.cab</a> O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {43331111-1111-1111-1111-611111195622} - O16 - DPF: {64311111-1111-1121-1111-111191113457} - <a>file://c:\eied_s7.cab</a> O17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164 O20 - AppInit_DLLs:  C:\WINDOWS\System32\rundll32.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\wodzu\USTAWI~1\Temp\dnlsvc.exe (file missing) O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeProsze o pomoc bo już sam nie wiem co robić a nie mam czasu ani ochoty zeby bawić sie w foematowanie dysku
Żółty 31.08.2006 15:12:21

W dziale Bezpieczeństwo jest instrukcja jak sobie loga sprawdzić - zajrzyj tam i najpierw sprawdź samodzielnie (a masz trochę syfów). Jak skończysz to wrzuć loga kontrolnego. Jak będziesz miał wątpliwości lub sobie nie będziesz z czymś radził  to pisz.
wodzu-4 07.09.2006 13:11:27

Witam ponownieZrobiłem dokładnie tak jak opisane w dziale "bezpieczeństwo" I wydawało mnie sie że coś to pomogło bo było kilka dni spokoju. NIestety od dziś jest znowu to samo, z taką różnicą ze po sprawdzeniu loga analizator twierdzi ze wszysko jest już OK ale komp cały czas coś wysyła. Oto obecny stan zeczyLogfile of HijackThis v1.99.1 Scan saved at 11:00:36, on 2006-09-07 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\wodzu\Pulpit\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O15 - Trusted Zone: <a href="http://click.getmirar.com/">http://click.getmirar.com</a> (HKLM) O15 - Trusted Zone: <a href="http://click.mirarsearch.com/">http://click.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://redirect.mirarsearch.com/">http://redirect.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://www.mirarsearch.com/">http://www.mirarsearch.com</a> (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\wodzu\USTAWI~1\Temp\dnlsvc.exe (file missing) O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Seeker 07.09.2006 13:59:03

to jeszce wywalO17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164-chyba że znasz ten adres i z nim jakieś wymiany plików robicie O wylaczeniu przywracania pamiętałeś? To mogło spowodować że problem powrócił
EL NINO 07.09.2006 14:30:48

<BLOCKQUOTE><div><img src="http://portal.centrumxp.pl/Themes/default/images/icon-quote.gif"> Seeker:</div><div>to jeszce wywalO17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164</div></BLOCKQUOTE>Seeker, toz to tepsniane DNSy. wodzu, nie usuwaj tego. Pozbadz sie uslugi: O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\wodzu\USTAWI~1\Temp\dnlsvc.exe (file missing) To trojan. Z Uruchom "services.msc", wyszukaj usluge MS Software Shadow Download Provider (dnlsvc), wylacz, uruchaianie ustaw na "wylaczone". Wyszukaj na dysku plik dnlsvc.exe i usun. Pozniej wywolaj z Uruchom "cmd" i wykonaj: sc delete dnlsvc
Seeker 07.09.2006 14:37:03

<BLOCKQUOTE><div><img src="http://portal.centrumxp.pl/Themes/default/images/icon-quote.gif"> EL NINO:</div><div><BLOCKQUOTE><div><img src="http://portal.centrumxp.pl/Themes/default/images/icon-quote.gif"> Seeker:</div><div> to jeszce wywalO17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164</div></BLOCKQUOTE>Seeker, toz to tepsniane DNSy.  </div></BLOCKQUOTE>Taaak? nie używam , ,<img src="http://portal.centrumxp.pl/emoticons/emotion-4.gif" alt="Stick out tongue" /> a bo mnie się pomylyło  z takim jednym <img src="http://portal.centrumxp.pl/emoticons/emotion-10.gif" alt="Embarrassed" /> <img src="http://portal.centrumxp.pl/emoticons/emotion-2.gif" alt="Big Smile" />
EL NINO 07.09.2006 14:39:18

<BLOCKQUOTE><div><img src="http://portal.centrumxp.pl/Themes/default/images/icon-quote.gif"> Seeker:</div><div>Taaak? nie używam , ,<img src="http://portal.centrumxp.pl/emoticons/emotion-4.gif" alt="Stick out tongue" /></div></BLOCKQUOTE>W Twoim wieku to nawet nie jest wskazane<img src="http://portal.centrumxp.pl/emoticons/emotion-4.gif" alt="Stick out tongue" />.
wodzu-4 07.09.2006 15:11:17

Witam Zrobiłem wszystko dokłądnie tak ja napisane ale niestety to też nic nie pomogło. Neostrada dalej coś wysyła. Oto najnowszy logLogfile of HijackThis v1.99.1 Scan saved at 13:10:28, on 2006-09-07 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mmc.exe C:\Documents and Settings\wodzu\Pulpit\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O15 - Trusted Zone: <a href="http://click.getmirar.com/">http://click.getmirar.com</a> (HKLM) O15 - Trusted Zone: <a href="http://click.mirarsearch.com/">http://click.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://redirect.mirarsearch.com/">http://redirect.mirarsearch.com</a> (HKLM) O15 - Trusted Zone: <a href="http://www.mirarsearch.com/">http://www.mirarsearch.com</a> (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
EL NINO 08.09.2006 12:23:42

wodzu, dwie sprawy: 1. Wszystkie wpisy (4 sztuki) O15 z "mirarsearch.com" - czy masz stamtad jakis Toolbar ? Bo jesli nie, trzeba czyscic. <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078818" target="_blank">http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078818</a> na dole strony w okienkach znajdziesz nazwy plikow, wpisow w rejestrze. 2. Czy podczas robienia loga korzystales z przystawki MMC ? -> C:\WINDOWS\system32\mmc.exe Jesli nie, bylaby to prawdopodobnie Nimda i oczywiscie na to tez jest lekarstwo -><a href="http://www.kaspersky.pl/services.html?s=faq&s_faq=details&category_id=3&details_id=29" target="_blank"> http://www.kaspersky.pl/services.html?s=faq&s_faq=details&category_id=3&details_id=29</a>
wodzu-4 08.09.2006 17:59:15

WitamZrobiłem wszystko dokładnie tak jak opisane i nic sie niepoprawiło. Powiem wiecej jest chyab nawet gorzej bo zwiększył się transfer wysyłanych. Otworzenie tej strony zajeło mi około 10 min. Ja już sam nie wiem co jest i gdzie jeszcze mozna tego szukać.Oto najnowszy logLogfile of HijackThis v1.99.1 Scan saved at 15:58:23, on 2006-09-08 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskmgr.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\wodzu\Pulpit\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{89050E03-7203-403E-80C0-E48DC3F8F495}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Żółty 08.09.2006 18:35:10

Ściągnij i zrób loga Silent Runners. Loga pokaż.
wodzu-4 08.09.2006 19:31:22

Oto log z Silent Runners Nie wiem czy kompletny czy nie ale moze coś pomoże"Silent Runners.vbs", revision 48, <a href="http://www.silentrunners.org/">http://www.silentrunners.org/</a> Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Komunikator" = ""C:\Program Files\Tlen.pl\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "DriverLoad" = (empty string) "DriverCheck" = (empty string) "SystemDriverLoad" = (empty string) "Winhost" = (empty string) "Winhost1" = (empty string) "Winhost2" = (empty string) "Winhost3" = (empty string) "Winhost4" = (empty string) "SystemDriver" = "c:\DriverLoad\windrv.exe" [file not found] "FDriver" = "c:\DriverLoad\windrv.exe" [file not found] "ADriver" = "c:\DriverLoad\windrv.exe" [file not found] "CDriver" = "c:\DriverLoad\windrv.exe" [file not found] "DDriver" = "c:\DriverLoad\windrv.exe" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."] "MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."] "ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"] "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"] "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)   -> {HKLM...CLSID} = "AcroIEHlprObj Class"                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)   -> {HKLM...CLSID} = (no title provided)                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)   -> {HKLM...CLSID} = "SSVHelper Class"                    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"   -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"                    \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"   -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Żółty 08.09.2006 19:37:09

Nie jest kompletny ten log. Zrób go jeszcze raz - poczekaj na komunikat o zakończeniu.
wodzu-4 08.09.2006 19:44:20

Czekałem około 10 min i nic się nie pojawiło. Spróbuje zrobić jeszcze raz i poczekam dłóżej
wodzu-4 08.09.2006 20:24:55

Czekałem 30 min i nic nie wyskoczyłe Ale w logu jest jakby wiecej informacji"Silent Runners.vbs", revision 48, <a href="http://www.silentrunners.org/">http://www.silentrunners.org/</a> Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Komunikator" = ""C:\Program Files\Tlen.pl\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "DriverLoad" = (empty string) "DriverCheck" = (empty string) "SystemDriverLoad" = (empty string) "Winhost" = (empty string) "Winhost1" = (empty string) "Winhost2" = (empty string) "Winhost3" = (empty string) "Winhost4" = (empty string) "SystemDriver" = "c:\DriverLoad\windrv.exe" [file not found] "FDriver" = "c:\DriverLoad\windrv.exe" [file not found] "ADriver" = "c:\DriverLoad\windrv.exe" [file not found] "CDriver" = "c:\DriverLoad\windrv.exe" [file not found] "DDriver" = "c:\DriverLoad\windrv.exe" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."] "MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."] "ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"] "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)   -> {HKLM...CLSID} = "AcroIEHlprObj Class"                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)   -> {HKLM...CLSID} = (no title provided)                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)   -> {HKLM...CLSID} = "SSVHelper Class"                    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"   -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"                    \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"   -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"   -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"   -> {HKLM...CLSID} = "DesktopContext Class"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"   -> {HKLM...CLSID} = "NVIDIA CPL Extension"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"   -> {HKLM...CLSID} = "Desktop Explorer"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"   -> {HKLM...CLSID} = (no title provided)                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"   -> {HKLM...CLSID} = "nView Desktop Context Menu"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"   -> {HKLM...CLSID} = "MkS_Vir Shell Extension"                    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"   -> {HKLM...CLSID} = "MkS_Vir Shell Extension"                    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: -----------------------------Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\wodzu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: ---------------------HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "wodzu" & "All Users" startup folders: -------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Winsock2 Service Provider DLLs: -------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console"
hommini 09.09.2006 22:09:36

U mnie bylo tak samo. Pomogla instalacja firewalla. Konkretnie Outposta.
wodzu-4 10.09.2006 01:32:45

Zainstalowałem ten program co radził mi "hommini" ale mam z nim małe problemy. Albo blokuje mi sieć że nic nie działa albo mogę go wyłaczyć i wtedy i tak neostrada cały czas wysyła obciążając sieć. No a co do loga z Silent Runners to znowu czekałem około 30 min i żadnego komunikatu nie było. Ja już sam nie wiem co jeszcze mozę być Jeśli ktoś ma jeszcze jakiś pomysła to BARDZO PROSZE pomocy bo jeśli nie to skończy sie na formacie :(
wodzu-4 10.09.2006 22:47:25

WitamChyba wreszcie udało mnie sie zrobić tego loga w Silent Runners. Oto on:"Silent Runners.vbs", revision 48, <a href="http://www.silentrunners.org/">http://www.silentrunners.org/</a> Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Komunikator" = ""C:\Program Files\Tlen.pl\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "DriverLoad" = (empty string) "DriverCheck" = (empty string) "SystemDriverLoad" = (empty string) "Winhost" = (empty string) "Winhost1" = (empty string) "Winhost2" = (empty string) "Winhost3" = (empty string) "Winhost4" = (empty string) "SystemDriver" = "c:\DriverLoad\windrv.exe" [file not found] "FDriver" = "c:\DriverLoad\windrv.exe" [file not found] "ADriver" = "c:\DriverLoad\windrv.exe" [file not found] "CDriver" = "c:\DriverLoad\windrv.exe" [file not found] "DDriver" = "c:\DriverLoad\windrv.exe" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."] "MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."] "ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"] "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "Outpost Firewall" = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum Ltd."] "OutpostFeedBack" = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\feedback.exe /dump:os_startup" ["Agnitum Ltd."]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)   -> {HKLM...CLSID} = "AcroIEHlprObj Class"                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)   -> {HKLM...CLSID} = (no title provided)                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)   -> {HKLM...CLSID} = "SSVHelper Class"                    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"   -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"                    \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"   -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"   -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"   -> {HKLM...CLSID} = "DesktopContext Class"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"   -> {HKLM...CLSID} = "NVIDIA CPL Extension"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"   -> {HKLM...CLSID} = "Desktop Explorer"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"   -> {HKLM...CLSID} = (no title provided)                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"   -> {HKLM...CLSID} = "nView Desktop Context Menu"                    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! "AppInit_DLLs" = " C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll" ["Agnitum Ltd."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"   -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"                    \InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."] MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"   -> {HKLM...CLSID} = "MkS_Vir Shell Extension"                    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"   -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"                    \InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"   -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"                    \InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."] MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"   -> {HKLM...CLSID} = "MkS_Vir Shell Extension"                    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"   -> {HKLM...CLSID} = "Trojan Remover Shell Extension"                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: -----------------------------Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\wodzu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: ---------------------HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "wodzu" & "All Users" startup folders: -------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Winsock2 Service Provider DLLs: -------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------Explorer BarsDormant Explorer Bars in "View, Explorer Bar" menuHKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]HKLM\Software\Classes\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\(Default) = "Protection Bar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\IntCodec\iesplugin.dll" [file not found]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"   -> {HKCU...CLSID} = "Java Plug-in"                    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]   -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"                    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{44627E97-789B-40D4-B5C2-58BD171129A1}\ "ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."] MkS_Scan, MkS_Scan, "C:\Program Files\MKS\Bin\mks_scan.exe" [empty string] MkS_Vir Monitor, MksVirMonSvc, "C:\Program Files\MKS\Bin\mksmonsv.exe" [empty string] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds,   launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives   took 350 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars   took 832 seconds. ---------- (total run time: 2792 seconds)
wodzu-4 16.09.2006 23:18:36

Fajnie że juz tydzień czekam na jaką kolwiek odpowiedź a tutaj nic a nic. Nawe nikt nieodwazyła się napisać że nie wie co zrobić. Najlepiej to zostawić człowieka samego z problemem. WIELKIE DZIĘKI ZA BRAK POMOCY
De Niro 18.09.2006 13:11:11

<BLOCKQUOTE><div>F2 - REG:system.ini: UserInit=userinit.exe</div></BLOCKQUOTE>ten wpis również należy usunąć
wodzu-4 18.09.2006 15:37:25

Witam ponownie Zrobiłem zgodnie za poradą De Niro ale niestety problem cały czas zostaje bez zmiany :(

Rejter

Dodano:: 25.02.2005 23:22:55
Komentarzy:: 1

Strona 1 / 1