kRa
(K Mu)
27 October 2006 06:47
#1
Hello,
Does anyone know what this thing is and how to remove it? It pops up as a virus for me; I found it only in the AVIRA database. There is nothing about it on the net. I tried scanning with antivirus programs and nothing!
Please advise
Regards
asterisk
(Asterisk)
27 October 2006 07:21
#2
The Security section … would be a better place.
Don't you happen to use Symantec products?
Bieniol
(Bbieniol)
27 October 2006 14:33
#3
adam9870
(adam9870)
27 October 2006 19:16
#5
Use Windows Worms Doors Cleaner and switch the markers from disable to enable (all markers should be green; if one of them is yellow, leave it). A restart is required after using the tool.
Remove the entries with HijackThis in Safe Mode with System Restore turned off.
When done, post a new log from HJT and ABSOLUTELY one from Silent Runners.
Bieniol
(Bbieniol)
27 October 2006 19:44
#7
Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64]

File -> Save As -> change the file type to All Files -> save it under the name FIX.REG
Run FIX.REG, confirm adding it to the registry and restart the PC
Then post a new Silent Runners log
kRa
(K Mu)
27 October 2006 20:46
#8
Thanks guys for the help. I don't know exactly what happened, but I did exactly what you advised. Here are the latest logs:
Post merged: 27.10.2006 (Fri) 22:47
Logfile of HijackThis v1.99.1
Scan saved at 22:48:17, on 2006-10-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\System32\atievxx.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINDOWS\System32\oodag.exe
D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\Program Files\InkSaver\InkSaver.exe
D:\WINDOWS\System32\Atiptaxx.exe
D:\Program Files\RepliGo\RepliGoMon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Program Files\SLOWNIK\Watch.exe
C:\Programy\totalcmd\TOTALCMD.EXE
c:\Programy\Diagnostics\HijackThis.exe
D:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.managerzone.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - D:\Program Files\RepliGo\RepliGoIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - D:\Program Files\RepliGo\RepliGoIEBar.dll
O4 - HKLM…\Run: [DataLayer] D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM…\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM…\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM…\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM…\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM…\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM…\Run: [inkSaver] D:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM…\Run: [RepliGo Assistant] "D:\Program Files\RepliGo\RepliGoMon.exe"
O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [kerio] D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Aktywacja Testera.lnk = D:\Program Files\SLOWNIK\Watch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .exe: D:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 0364307580
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip…{8C8D47BE-3AA2-4A7A-B270-B8723B74A797}: NameServer = 212.2.96.51 212.2.96.52
O17 - HKLM\System\CCS\Services\Tcpip…{FB699105-9A24-4DFE-8960-05D12A8C9DD9}: NameServer = 192.168.10.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - d:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Post merged: 27.10.2006 (Fri) 22:48
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"kerio" = "D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]
"Odkurzacz-MCD" = "D:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"odk_mcd" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"DataLayer" = "D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"avgnt" = ""D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"PCSuiteTrayApplication" = "D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup" ["Nokia"]
"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WheelMouse" = "D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"HP Component Manager" = ""D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HPDJ Taskbar Utility" = "D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"InkSaver" = "D:\Program Files\InkSaver\InkSaver.exe hide" ["Strydent Software, Inc."]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"
"AtiPTA" = "Atiptaxx.exe" ["ATI Technologies, Inc."]
"RepliGo Assistant" = ""D:\Program Files\RepliGo\RepliGoMon.exe"" ["Cerience Corporation"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                   \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                   \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM…CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{91DE4477-9CDC-4806-9BCB-28A963988E94}\(Default) = (no title provided)
  -> {HKLM…CLSID} = "RepliGoIEHelperCtl Class"
                   \InProcServer32\(Default) = "D:\Program Files\RepliGo\RepliGoIEHelper.dll" ["Cerience Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM…CLSID} = "Adobe PDF Conversion Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM…CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
  -> {HKLM…CLSID} = "a² Context Menu Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\a2\A2CONT~1.DLL" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM…CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM…CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  -> {HKLM…CLSID} = "Nokia Phone Browser"
                   \InProcServer32\(Default) = "D:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM…CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM…CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM…CLSID} = "iTunes"
                   \InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}" = "&RepliGo"
  -> {HKLM…CLSID} = "&RepliGo"
                   \InProcServer32\(Default) = "D:\Program Files\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM…CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM…CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM…CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
  -> {HKLM…CLSID} = "a² Context Menu Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\a2\A2CONT~1.DLL" [null data]
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
  -> {HKLM…CLSID} = "FineReaderExplorerContextMenuHandler"
                   \InProcServer32\(Default) = "d:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM…CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]


Default executables:
--------------------

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""D:\WINDOWS\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\Documents and Settings\kRa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\kRa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\ssstars.scr" [MS]


Startup items in "kRa" & "All Users" startup folders:
-----------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Acrobat Speed Launcher" -> shortcut to: "D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe" [null data]
"Aktywacja Testera" -> shortcut to: "D:\Program Files\SLOWNIK\Watch.exe" ["Young Digital Poland"]


Enabled Scheduled Tasks:
------------------------

"RegistryMedicAuotScan" -> launches: "D:\Program Files\Registry Medic\RegMedical.exe -S" ["Iomatic"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM…CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}"
  -> {HKLM…CLSID} = "&RepliGo"
                   \InProcServer32\(Default) = "D:\Program Files\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM…CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM…CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}" = (no title provided)
  -> {HKLM…CLSID} = "&RepliGo"
                   \InProcServer32\(Default) = "D:\Program Files\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM…CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {HKLM…CLSID} = "Java Plug-in 1.5.0_02"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com "]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "D:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\System32\atievxx.exe" [MS]
BlueSoleil Hid Service, BlueSoleil Hid Service, "D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
C-DillaCdaC11BA, C-DillaCdaC11BA, "D:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Kerio Personal Firewall 4, KPF4, "D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]
O&O Defrag, O&O Defrag, "D:\WINDOWS\System32\oodag.exe" ["O&O Software GmbH"]
ServiceLayer, ServiceLayer, ""D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"" ["Nokia."]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "D:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."]
RepliGo\Driver = "RgoMon.dll" ["Cerience Corporation"]


----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 475 seconds, including 18 seconds for message boxes)
Bieniol
(Bbieniol)
27 October 2006 20:56
#9
Remove this entry with HijackThis:
Cosmetically: open the Registry Editor (Start >>> Run >>> regedit) and go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
There, double-click the BootExecute value and remove everything in the box except autocheck autochk *
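The FIX.REG from post #7 and the manual cleanup in post #9 both work on the same two boot-time persistence points: the Session Manager BootExecute multi-string (restored to its Windows default) and a Winlogon\Notify subkey (deleted). A .reg file stores BootExecute as a hex(7) byte list, which is unreadable at a glance, so it is worth decoding a posted fix before importing it. The Python script below is an added example, not code from the thread or from any of the tools mentioned: it parses the .reg text posted above, decodes the REG_MULTI_SZ payload, lists the keys the file deletes, and reports any BootExecute entries beyond the default autocheck autochk * (the OODBS entry is the one Silent Runners flagged with <> in the log, which post #9 treats as cosmetic). The function names and the minimal .reg parser are my own; it handles only the string and hex(7) value types seen here.

```python
import re

# Constructed sample: the .reg content posted in this thread, written the way
# a .reg file stores it (the hex(7) line continues onto a second line after "\").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64]
"""

SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]  # Windows XP default


def decode_value(raw):
    """Decode one .reg value: hex(7) (REG_MULTI_SZ) or a quoted string."""
    if raw.startswith("hex(7):"):
        data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b)
        # REG_MULTI_SZ is UTF-16LE, each string NUL-terminated, list ends with an
        # extra NUL; dropping empty pieces leaves the real entries.
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return raw


def parse_reg(text):
    """Minimal .reg parser: returns (deleted_keys, {key: {name: value}})."""
    deleted, values, current = [], {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the whole key
                deleted.append(key[1:])
                current = None
            else:
                current = key
                values.setdefault(current, {})
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        while raw.endswith("\\") and i < len(lines):   # join hex continuation lines
            raw = raw[:-1] + lines[i].strip()
            i += 1
        values[current][name] = decode_value(raw)
    return deleted, values


def nondefault_boot_execute(entries):
    """Entries in BootExecute beyond the Windows default. Everything listed here
    runs before logon, so each extra entry deserves to be accounted for."""
    return [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]


def describe(text):
    """What importing this .reg would do to BootExecute and which keys it removes."""
    deleted, values = parse_reg(text)
    boot = values.get(SESSION_MANAGER, {}).get("BootExecute")
    return {"boot_execute": boot, "deleted_keys": deleted}


if __name__ == "__main__":
    print(describe(SAMPLE_REG))
    # The value Silent Runners showed on the machine in this thread:
    print(nondefault_boot_execute(["autocheck autochk *", "OODBS"]))
```

Running it shows that FIX.REG sets BootExecute to exactly `autocheck autochk *` and deletes the `Winlogon\Notify\ldr64` key, and that on the logged machine the only extra boot-time entry was `OODBS`, the O&O Defrag boot-time defragmenter that Silent Runners marks because it sits at a launch point malware also uses.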
kRa
(K Mu)
27 October 2006 21:14
#10
OK, done. A HUNDERDFOLD THANKS ;-)
Post merged: 27.10.2006 (Fri) 23:16
Heh, I think that's HUNDREDFOLD ;-) But thanks!!