Lupus36
(Krzysztofwilczynski)
24 Wrzesień 2006 20:48
#1
Po zlokalizowaniu zapisu [guote]HKLM\System\CurrentControlSet\Control\Session Manager\
“BootExecute” = ** WARNING – empty or invalid data! **
Bieniol
(Bbieniol)
24 Wrzesień 2006 20:53
#2
Wklej do notatnika to:
REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
I dalej postępuj według instruckji
Gutek
(Gutek)
24 Wrzesień 2006 20:54
#3
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,4f,00,4f,00
tak zapisz - spróbuj
I daj nowy log z silenta albo z REGEDIT4 tylko że moja wartość jest inna
Lupus36
(Krzysztofwilczynski)
24 Wrzesień 2006 20:59
#4
Nadal odmowa importu do rejestru…
Złączono Posta : 24.09.2006 (Nie) 22:11
Próbowałem oba klucze i niestety ponownie odmowa zaimportowania to jest log po dokonaniu zmian:
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe” [“Google Inc.”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z o.o.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “VTTrayp” = “VTtrayp.exe” [“S3 Graphics Co., Ltd.”] “VTTimer” = “VTTimer.exe” [“S3 Graphics, Inc.”] “Symantec NetDriver Monitor” = “C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer” [“Symantec Corporation”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “SMSERIAL” = “sm56hlpr.exe” [“Motorola Inc.”] “OdTray.exe” = ““C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe”” [“Funk Software, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “CloneCDTray” = ““C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe”” [“Elaborate Bytes”] “CloneCDElbyCDFL” = ““C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe” /L ElbyCDFL” [“Elaborate Bytes”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {9ECB9560-04F9-4bbc-943D-298DDF1699E1}(Default) = “Norton Internet Security” -> {HKLM…CLSID} = “CNisExtBho Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] {BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{8e9d6600-f84a-11ce-8daa-00aa004a5691}” = “Shell extensions for NetWare” -> {HKLM…CLSID} = “NetWare Objects” \InProcServer32(Default) = “nwprovau.dll” [MS] “{e3f2bac0-099f-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare” -> {HKLM…CLSID} = “NetWare UNC Folder Menu” \InProcServer32(Default) = “nwprovau.dll” [MS] “{52c68510-09a0-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare” -> {HKLM…CLSID} = “NetWare Hood Verbs” \InProcServer32(Default) = “nwprovau.dll” [MS] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ INFECTION WARNING! “GinaDLL” = “C:\WINDOWS\System32\BCMLogon.dll” [“Broadcom Corporation”] HKLM\System\CurrentControlSet\Control\Session Manager\ “BootExecute” = ** WARNING – empty or invalid data! ** HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! OdysseyClient\DLLName = “odyEvent.dll” [“Funk Software, Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! application/octet-stream\CLSID = “{1E66F26B-79EE-11D2-8710-00C04F79ED0D}” -> {HKLM…CLSID} = “Cor MIME Filter, CorFltr, CorFltr 1” \InProcServer32(Default) = “C:\WINDOWS\ServicePackFiles\i386\mscoree.dll” [MS] INFECTION WARNING! application/x-complus\CLSID = “{1E66F26B-79EE-11D2-8710-00C04F79ED0D}” -> {HKLM…CLSID} = “Cor MIME Filter, CorFltr, CorFltr 1” \InProcServer32(Default) = “C:\WINDOWS\ServicePackFiles\i386\mscoree.dll” [MS] INFECTION WARNING! application/x-msdownload\CLSID = “{1E66F26B-79EE-11D2-8710-00C04F79ED0D}” -> {HKLM…CLSID} = “Cor MIME Filter, CorFltr, CorFltr 1” \InProcServer32(Default) = “C:\WINDOWS\ServicePackFiles\i386\mscoree.dll” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NetWareUNCMenu(Default) = “{e3f2bac0-099f-11cf-8daa-00aa004a5691}” -> {HKLM…CLSID} = “NetWare UNC Folder Menu” \InProcServer32(Default) = “nwprovau.dll” [MS] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Tatulo” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “Norton AntiVirus - Skanuj komputer - Tatulo” -> launches: “C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] “{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}” -> {HKLM…CLSID} = “Norton Internet Security” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}” = “Norton Internet Security” -> {HKLM…CLSID} = “Norton Internet Security” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Agent SAP, NwSapAgent, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\ipxsap.dll” [MS]} Broadcom Wireless LAN Tray Service, wltrysvc, “C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe” [null data] ISSvc, ISSVC, ““C:\Program Files\Norton Internet Security\ISSVC.exe”” [“Symantec Corporation”] Odyssey Client for Fujitsu Siemens Computers, odClientService, “C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe” [“Funk Software, Inc.”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Network Proxy, ccProxy, ““C:\Program Files\Common Files\Symantec Shared\ccProxy.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Symantec SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Usługa Auto-Protect programu Norton AntiVirus, navapsvc, ““C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Usługa klienta dla systemu NetWare, NWCWorkstation, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\nwwks.dll” [MS]} ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 25 seconds, including 2 seconds for message boxes)
Bieniol
(Bbieniol)
24 Wrzesień 2006 21:18
#5
W takim razie wejdź w edytor rejestru: Start --> uruchom --> regedit i przejdź do klucza: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Z prawej strony okna kliknij prawym przyciskiem myszy i weź Nowy a następnie Wartość wielociągu .
Nadaj nazwę BootExecute , następnie weź prawym przyciskiem myszy na niego i wybierz opcję Modyfikuj dane binarne , skasuj to co będzie w oknie i wpisuj ten ciąg liczb/liter:
6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000000000
I klikasz OK
I dajesz nowy log z Silenta