Problemów ciąg dalszy
Wydawało mi się źe juź wszystko wporzadku jednak tak nie jest. Mam problem szczegolnie z wpisem
O17 – HKLM\System\CCS\Services\Tcpip\..\{6AE58D8B–7C90–4721–ABF6–ECB0D4C94F28}: NameServer = 194.204.152.34 217.98.63.164
Usunę go a on znowu po restarcie jest. Ponadto po wejściu do awaryjnego jest obecny proces userinit.exe
Wydaje mi sie źe cos podmienilo plik systemowy.
Oto cały log
Logfile of HijackThis v1.99.1
Scan saved at 12:19:43, on 2005–07–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MKS\Bin\NetMonSV.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\nutsrv4.exe
E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
E:\Program Files\Wanadoo\EspaceWanadoo.exe
E:\Program Files\Wanadoo\ComComp.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
E:\Program Files\Wanadoo\Watch.exe
E:\Program Files\Mozilla Firefox\firefox.exe
D:\instalki\Hijack This\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – E:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O4 – HKLM\..\Run: [iKeyWorks] E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O8 – Extra context menu item: Download All by FlashGet – \\Rafa–fahdvkbj3o\ rafał c (C)\programy\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – \\Rafa–fahdvkbj3o\ rafał c (C)\programy\FLASHGET\jc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 – Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{6AE58D8B–7C90–4721–ABF6–ECB0D4C94F28}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – E:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: ASP.NET Admin Service (aspnet_admin) – Unknown owner – E:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 – Service: ASP.NET State Service (aspnet_state) – Unknown owner – E:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_state.exe (file missing)
O23 – Service: Aplikacja systemowa modelu COM+ (COMSysApp) – Unknown owner – E:\WINDOWS\System32\dllhost.exe (file missing)
O23 – Service: NuTCRACKER Service (NuTCRACKERService) – DataFocus, Inc. – E:\WINDOWS\System32\nutsrv4.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – Unknown owner – E:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 – Service: MS Software Shadow Copy Provider (SwPrv) – Unknown owner – E:\WINDOWS\System32\dllhost.exe (file missing)
O23 – Service: SecuROM User Access Service (V7) (UserAccess7) – Unknown owner – E:\WINDOWS\System32\UAService7.exe (file missing)
Czy ktoś wie co to moźe być ??
O17 – HKLM\System\CCS\Services\Tcpip\..\{6AE58D8B–7C90–4721–ABF6–ECB0D4C94F28}: NameServer = 194.204.152.34 217.98.63.164
Usunę go a on znowu po restarcie jest. Ponadto po wejściu do awaryjnego jest obecny proces userinit.exe
Wydaje mi sie źe cos podmienilo plik systemowy.
Oto cały log
Logfile of HijackThis v1.99.1
Scan saved at 12:19:43, on 2005–07–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MKS\Bin\NetMonSV.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\nutsrv4.exe
E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
E:\Program Files\Wanadoo\EspaceWanadoo.exe
E:\Program Files\Wanadoo\ComComp.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
E:\Program Files\Wanadoo\Watch.exe
E:\Program Files\Mozilla Firefox\firefox.exe
D:\instalki\Hijack This\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – E:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O4 – HKLM\..\Run: [iKeyWorks] E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O8 – Extra context menu item: Download All by FlashGet – \\Rafa–fahdvkbj3o\ rafał c (C)\programy\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – \\Rafa–fahdvkbj3o\ rafał c (C)\programy\FLASHGET\jc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 – Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{6AE58D8B–7C90–4721–ABF6–ECB0D4C94F28}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – E:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: ASP.NET Admin Service (aspnet_admin) – Unknown owner – E:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 – Service: ASP.NET State Service (aspnet_state) – Unknown owner – E:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_state.exe (file missing)
O23 – Service: Aplikacja systemowa modelu COM+ (COMSysApp) – Unknown owner – E:\WINDOWS\System32\dllhost.exe (file missing)
O23 – Service: NuTCRACKER Service (NuTCRACKERService) – DataFocus, Inc. – E:\WINDOWS\System32\nutsrv4.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – Unknown owner – E:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 – Service: MS Software Shadow Copy Provider (SwPrv) – Unknown owner – E:\WINDOWS\System32\dllhost.exe (file missing)
O23 – Service: SecuROM User Access Service (V7) (UserAccess7) – Unknown owner – E:\WINDOWS\System32\UAService7.exe (file missing)
Czy ktoś wie co to moźe być ??
Odpowiedzi: 1
Mnie natomiast się wydaje ze chcesz za wszelką cenę przedobrzyć.
Wpis 017 to numerki DNS neostrady, nie ruszaj tego.
Userinit to plik systemowy, powtarzam to systemowy i własnie on ładuje się w awaryjnym.
Wpis 017 to numerki DNS neostrady, nie ruszaj tego.
Userinit to plik systemowy, powtarzam to systemowy i własnie on ładuje się w awaryjnym.
Strona 1 / 1