Balloon ;/ Your computer is infected!

A balloon pops up from a tray icon shaped like a red circle with a white x in the middle; it alternates with what I think is the Windows Messenger icon (a "window" in the upper left, a globe in the background).

Balloon text:

your computer is infected!

dangerous infection was detected on your PC
the system will now download and install most efficient antimalware program to prevent data loss and your private information theft.
click here to protect your computer from the biggest malware threats.

Clicking the balloon takes you to this page:
http://www.nospywaresoft.com/?ref=100085
SpywareStrike

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:54:28, on 2006-01-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\alg.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\xxxxxxxxx\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Karta wydajności WMI (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe (file missing)

Hmm, I'll just add that the description of my problem doesn't match the other SpywareStrike and "your computer is infected!" cases described on this forum.

Replies: 13

You've got a pile of junk in the system.
Turn off System Restore and delete the files marked in bold in Safe Mode (which is in fact what's running now).
To remove in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:\WINDOWS\system32\hpACB0.tmp (file missing)
O3 - Toolbar: WorldWide-Cash.net - {CB458CB0-9C9B-4f1a-94EC-6B195AE998A1} - D:\Program Files\Internet Explorer\PLUGINS\toolbar5290365.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [SpywareStrike] D:\Program Files\SpywareStrike\SpywareStrike.exe /h
Removal: http://www.bleepingcomputer.com/forums/topic40303.html

O4 - HKLM\..\RunServices: [SystemTools] D:\WINDOWS\system32\kernels64.exe
O20 - Winlogon Notify: browsela - D:\WINDOWS\system32\browsela.dll
O21 - SSODL: wwRdljlPl - {B03B1F5F-1A91-B5F5-7F68-79EEA1B39281} - D:\WINDOWS\system32\bjfgb.dll


Additionally, what isn't visible in HJT but Silent Runners showed:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"kernel32.dll" = "D:\WINDOWS\system32\mssearchnet.exe" [file not found]
"nvctrl.exe" = "nvctrl.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{31EE3286-D785-4E3F-95FC-51D00FDABC01}" = "Master Browseui"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browsela.dll" [null data]

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001

Remote Procedure Call (RPC) Extensions, RpcxSs, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"RpcxSs.Dll" [MS]}
http://forum.centrumxp.pl/viewtopic.php?t=44610 - second-to-last post.


Open Notepad and paste:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wininet.dll"=-
"nvctrl.exe"=-
"kernel32.dll"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{31EE3286-D785-4E3F-95FC-51D00FDABC01}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-


Save it with the .reg extension and merge it into the registry.
Download SmitRem and run it:
http://noahdfear.geekstogo.com/

At the very end, post two new logs for any further correction.
Bobi
Posted: 10.02.2006 10:39:26
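As an added example (not code from the thread or from HijackThis), the script below does mechanically what the helpers in this thread did by eye over a HijackThis log: it flags entries pointing at missing files, unnamed BHOs/toolbars, uncommon load points (O20 Winlogon Notify, O21 SSODL, RunServices) and the names this thread identified as the infection, and for flagged O4 entries it emits the same REGEDIT4 `"name"=-` deletion syntax used in the fix above. The sample log lines are constructed from the logs posted in the thread.

```python
"""Triage helper for HijackThis 1.99 logs (added example, not the thread's code).

Flags entries whose target file is gone, unnamed BHOs/toolbars, autostart points
legitimate software rarely uses on a home XP box (RunServices, O20 Winlogon
Notify, O21 SSODL), and the names this thread identified as SpywareStrike
leftovers. For flagged O4 entries it emits REGEDIT4 value deletions ("name"=-).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:\WINDOWS\system32\hpACB0.tmp (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SpywareStrike] D:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [SystemTools] D:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O20 - Winlogon Notify: browsela - D:\WINDOWS\system32\browsela.dll
O21 - SSODL: wwRdljlPl - {B03B1F5F-1A91-B5F5-7F68-79EEA1B39281} - D:\WINDOWS\system32\bjfgb.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""

# Every HijackThis line is "<type> - <rest>", e.g. "O4 - HKLM\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^(?P<type>[OR]\d+) - (?P<rest>.*)$")
# HijackThis abbreviates <hive>\Software\Microsoft\Windows\CurrentVersion\Run to <hive>\..\Run
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RISKY_TYPES = {"O20": "Winlogon Notify DLL", "O21": "ShellServiceObjectDelayLoad"}
HIVES = {"HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE", "HKCU": r"HKEY_CURRENT_USER\Software"}
# Names called out as the infection in this thread (matched case-insensitively).
KNOWN_BAD = ("spywarestrike", "kernels64", "browsela", "bjfgb",
             "mssearchnet", "mscornet", "worldwide-cash")


def classify(line: str) -> List[str]:
    """Return the reasons a log line deserves a second look (empty = looks normal)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    typ, rest = m.group("type"), m.group("rest")
    reasons = []
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("target file missing, dangling leftover")
    if "(no name)" in rest:
        reasons.append("unnamed BHO/toolbar")
    if typ in RISKY_TYPES:
        reasons.append(f"uncommon load point: {RISKY_TYPES[typ]}")
    if typ == "O4" and (o4 := O4_RE.match(rest)) and o4.group("key") == "RunServices":
        reasons.append("RunServices autostart, rarely legitimate on XP")
    if any(bad in rest.lower() for bad in KNOWN_BAD):
        reasons.append("name identified as SpywareStrike residue in this thread")
    return reasons


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Pair every suspicious line with its reasons, in log order."""
    return [(ln, r) for ln in log.splitlines() if (r := classify(ln))]


def reg_deletions(log: str) -> str:
    """REGEDIT4 script that deletes the flagged O4 Run/RunServices values ("name"=-)."""
    by_key: Dict[str, List[str]] = {}
    for ln, _ in triage(log):
        m = ENTRY_RE.match(ln.strip())
        o4 = O4_RE.match(m.group("rest")) if m.group("type") == "O4" else None
        if o4 is None:
            continue  # only registry Run-type entries become .reg deletions
        key = "\\".join([HIVES[o4.group("hive")], "Microsoft", "Windows",
                         "CurrentVersion", o4.group("key")])
        by_key.setdefault(key, []).append(o4.group("name"))
    out = ["REGEDIT4", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(line, "\n   ->", "; ".join(why))
    print(reg_deletions(SAMPLE_LOG))
```

Review the flagged lines before merging the generated .reg: the heuristics mark entries for a closer look, they do not prove an entry is malicious.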
Hello.

I have the same problem...

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:06:05, on 2006-02-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
F:\WinRAR\WinRAR.exe
D:\DOCUME~1\TATA~1.PAL\USTAWI~1\Temp\Rar$EX02.475\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {DE96E51C-CA34-F322-04BB-9FDE04B57D48} - (no file)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:\WINDOWS\system32\hpACB0.tmp (file missing)
O3 - Toolbar: WorldWide-Cash.net - {CB458CB0-9C9B-4f1a-94EC-6B195AE998A1} - D:\Program Files\Internet Explorer\PLUGINS\toolbar5290365.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareStrike] D:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\RunServices: [Detect] D:\Program Files\iNTERNET Turbo\idetect.exe /auto
O4 - HKLM\..\RunServices: [SystemTools] D:\WINDOWS\system32\kernels64.exe
O4 - Startup: Skrót do gamma.lnk = F:\gamma\gamma.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: browsela - D:\WINDOWS\system32\browsela.dll
O21 - SSODL: wwRdljlPl - {B03B1F5F-1A91-B5F5-7F68-79EEA1B39281} - D:\WINDOWS\system32\bjfgb.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

and Silent Runners too:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"kernel32.dll" = "D:\WINDOWS\system32\mssearchnet.exe" [file not found]
"nvctrl.exe" = "nvctrl.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSConfig" = "D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
"SpywareStrike" = "D:\Program Files\SpywareStrike\SpywareStrike.exe /h" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\hpACB0.tmp" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]
"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{30351348-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351347-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134A-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134C-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351346-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351349-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134B-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134D-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134E-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{31EE3286-D785-4E3F-95FC-51D00FDABC01}" = "Master Browseui"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browsela.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ewido\security suite\shellhook.dll" ["TODO: "]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"wwRdljlPl" = "{B03B1F5F-1A91-B5F5-7F68-79EEA1B39281}"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\bjfgb.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! browsela\DLLName = "D:\WINDOWS\system32\browsela.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]


Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]
{User Configuration|Administrative Templates|Windows Components|
Internet Explorer|Toolbars|Disable customizing browser toolbars}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"


Startup items in "Tata" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\Tata.PALIUSZ-7E09307\Menu Start\Programy\Autostart
"Skrót do gamma" -> shortcut to: "F:\gamma\gamma.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{CB458CB0-9C9B-4F1A-94EC-6B195AE998A1}" = "WorldWide-Cash.net"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Internet Explorer\PLUGINS\toolbar5290365.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

HTTP SSL, HTTPFilter, "D:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"D:\WINDOWS\System32\w3ssl.dll" [MS]}
NVIDIA Driver Helper Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Remote Procedure Call (RPC) Extensions, RpcxSs, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"RpcxSs.Dll" [MS]}
StyleXPService, StyleXPService, ""D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Usługa administracyjna Menedżera dysków logicznych, dmadmin, "D:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Usługa dostarczania sieci, xmlprov, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\xmlprov.dll" [MS]}


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 78 seconds, including 10 seconds for message boxes)




A small note: I did this while Spybot S&D was scanning, in Safe Mode with Networking (without networking the balloon doesn't show up!!!)
Thanks in advance.
lukaszmigdalek
Posted: 10.02.2006 10:15:01
Bumping the thread isn't getting results either :] ....
maszeq
Posted: 25.01.2006 15:23:09
still nothing...
maszeq
Posted: 24.01.2006 12:21:02
I had already looked through that thread several times earlier, nothing ;/
maszeq
Posted: 23.01.2006 11:43:35
Read this thread http://www.searchengines.pl/phpbb203/index.php?showtopic=15989 and find the section "Problemy z uruchomieniem Silent Runners" (Problems running Silent Runners) at the very end of that page; it may help you get it running.
Wiewia
Posted: 23.01.2006 11:27:44
At every step I run into additional problems XD

Trying to launch Silent Runners ended with an error about enabling the WMI service.

Trying to enable that service ended with one of the files in the wbem folder being missing.

Once I had copied it over, the next attempt to start the service ended with error 1053, saying that it did not respond to the start request in a timely fashion.

I wonder what else awaits me today XD
----------------------------------------------------
To sum up, what I'd currently like to ask for is a solution to the error 1053 problem and to be shown the correct and exact contents of the wbem folder, which looks rather strange on my machine o.O
maszeq
Posted: 23.01.2006 11:17:35
Nothing visible in the log. Post a Silent Runners log as well; info here: http://forum.centrumxp.pl/viewtopic.php?t=35349
Wiewia
Posted: 23.01.2006 10:17:42
Well, unfortunately, I couldn't find an answer matching my problem, which is still occurring.

Logfile of HijackThis v1.99.1
Scan saved at 00:00:23, on 2006-01-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\klimowicz\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Karta wydajności WMI (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe (file missing)

That's what it looks like now; I don't know about the last process.
maszeq
Posted: 23.01.2006 01:03:34
OK, I got past it; the rest should go without problems. Just tell me one more thing: should the contents of wbem be this sparse? A mere 3 files and 2 folders, plus framedyn which I added, because that amount worried me a bit. Or is everything perfectly in order?
maszeq
Posted: 23.01.2006 00:30:42
If it's denying access, log in to the admin account in Safe Mode and try from there. Also check whether you really lack permissions to that folder: turn off Simple File Sharing and you'll have a new tab in the folder's properties [I'm assuming blindly that it's XP Pro on NTFS].
Bobi
Posted: 22.01.2006 23:18:01
Heh, it's even worse than I expected XD
I can't turn off System Restore because of some error; when I go into it, it tells me framedyn.dll was not found.
Then, once I get past that, it shows me:
an error was encountered while trying to turn off one or more drives. restart the computer (which of course does nothing)

==========================================
I tried to solve the above problem, but the computer denies me access to the system/wbem folder; the path is in the environment variables, so I don't know what I could do here.
maszeq
Posted: 22.01.2006 22:34:25
Read http://forum.centrumxp.pl/viewtopic.php?t=38238&highlight=spy+sheriff
padre12
Posted: 22.01.2006 21:16:49
maszeq
Posted: 22.01.2006 21:04:02