Občas se mi zasekne internet, nevypisuje žádné hlášky ale taky nic neukazuje (ping na stránky však jde). Všiml jsem si, že v procesech se objevuje spuštěný program WinTcpips.exe, přes nouzový režim jsem smazal z registrů vše co se týkalo wintcpips.exe a navíc jsem jej našel v c:\windows\system32 a smazal jsem jej, přes HijackThis jsem dal proces odstranit.. Projel jsem notebook NOD32, ruznymi antispywary a žádný mi nic nedetokoval.
Po chvili se mi opět zasekne net a je tu opět wintcpips.exe. Jak jej odstranit když nic nepomáhá?
Výpis z hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:00:10, on 29.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\omniNames\bin\srvany.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\omniNames\bin\omniNames.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cominfo\Watt\runapp.exe
c:\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\systemy\proccesskiller\ProcessKiller.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\ICQ\Icq.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
C:\systemy\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nb-lmynarik/watt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MicroSoft Getway Dire] WinTcpips.exe
O4 - HKLM\..\RunServices: [MicroSoft Getway Dire] WinTcpips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Restore Desktop] "C:\Program Files\Restore Desktop\Restore Desktop.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - Startup: ProcessKiller.lnk = C:\systemy\proccesskiller\ProcessKiller.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://nb-lmynarik:8080/reports/scriptX/ScriptX.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://cms.spur.cz/Remote/msrdp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cmf communication client - Cominfo, a.s. - C:\Program Files\Cominfo\cm\CmfClnt.exe
O23 - Service: Cmf server - Cominfo, a.s. - C:\Program Files\Cominfo\cm\CmfSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Unknown owner - C:\WINDOWS\system32\ifxtcs.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: omniNames - Unknown owner - C:\Program Files\omniNames\bin\srvany.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Cominfo Watt service (Watt) - Cominfo a.s. - C:\Program Files\Cominfo\Watt\runapp.exe
wintcpips
- kocourleo
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Brno
A zrušils i tu službu? Dělals to v nouzovém režimu? Nemohlo se stát, že jsi to svinstvo odstranil a následně chytil znovu?
Gigabyte GA-MA78G-DS3H, Athlon 64 X2 5050+, 6GB RAM, 2X WD6400AAKS 640GB, integrovaný zvuk i grafika, zdroj SEASONIC S12-550 Energy+, AverTV DVB-T Volar X, Samsung SH-203B, Logitech MX-518
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
