Well, for some time now, when I press Ctrl+Alt+Delete I get the message "Task Manager has been disabled by the network administrator".
Can I somehow turn it back on?
Leon1
(Leon$)
23 November 2008 20:51
#3
Download Combofix http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654, scan the system and post the log.
While downloading and scanning with Combofix, please disable all firewalls and antivirus programs.
Then scan with HijackThis 2.02 and post the log.
Scan in the order I gave.
When I start regedit it says "Registry Editor has been disabled by the network administrator".
Here is the log from Combofix:
ComboFix 08-11-22.02 - Administrator 2008-11-23 22:13:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.450 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vcmgcd32.dl_
c:\windows\system32\vcmgcd32.dll

.
---- Previous Run -------
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\adssite-remove.exe
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\gzmrotate.dll
c:\windows\system32\vcmgcd32.dl_
c:\windows\system32\vcmgcd32.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-23 do 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-23 22:17 . 2008-11-23 22:18 36,864 --a------ c:\windows\system32\vcmgcd32.dll
2008-11-23 22:17 . 2008-11-23 22:18 17,878 --ah----- c:\windows\system32\vcmgcd32.dl_
2008-11-23 22:07 . 2008-11-23 22:07
2008-11-18 14:47 . 2008-11-18 14:47 96,093 --a------ c:\windows\system32\wwqxglygdwh.dll-uninst.exe
2008-11-17 15:55 . 2008-11-17 15:55 600,576 --a------ c:\windows\system32\wwqxglygdwh.dll
2008-11-11 18:34 . 2008-11-12 15:40 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-11 18:34 . 2008-11-11 18:34 1,409 --a------ c:\windows\QTFont.for
2008-11-11 10:00 . 2008-11-11 10:00
2008-11-09 15:20 . 2008-11-23 22:17
2008-11-09 15:20 . 2008-11-23 22:17
2008-11-09 15:20 . 2008-11-09 15:33
2008-11-03 22:06 . 2008-10-18 15:33 414,720 --a------ c:\windows\wdmgr.exe
2008-11-03 17:29 . 2008-11-23 21:55 47,583 --a------ c:\windows\system32\bzopyjkqtakexm.exe
2008-11-03 16:57 . 2008-11-19 12:17 325,632 --a------ c:\windows\system32\shvryqncbibsehgly.dll
2008-11-02 19:34 . 2008-11-02 19:34
2008-11-02 19:22 . 2008-11-22 14:42
2008-11-02 00:10 . 2008-11-02 00:10
2008-11-01 16:29 . 2008-11-01 16:41
2008-11-01 16:29 . 2008-11-01 16:30
2008-10-31 12:29 . 2008-10-31 12:29 554,496 --a------ c:\windows\system32\nswC.dll
2008-10-30 21:50 . 2008-10-30 21:50
2008-10-26 22:18 . 2008-04-03 16:09
2008-10-25 18:49 . 2008-06-25 14:41 79,904 --a------ c:\windows\system32\drivers\fsdfw.sys
2008-10-25 18:47 . 2008-10-25 18:53
2008-10-25 18:46 . 2008-10-25 18:57
2008-10-25 18:41 . 2008-10-25 18:49
2008-10-25 01:01 . 2008-11-23 22:11 53,946 --a------ c:\windows\system32\cont_adssite-remove.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 18:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 15:06 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2008-10-19 19:46 --------- d-----w c:\program files\Honor_pol
2008-10-10 20:22 --------- d-----w c:\program files\Angels vs Devils
2008-10-10 19:13 --------- d-----w c:\program files\Nowy folder
2008-10-10 19:13 --------- d-----w c:\program files\Ahead
2008-10-09 19:23 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-10-09 19:13 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\3DFA
2008-10-09 18:24 --------- d-----w c:\program files\Secret Maryo Chronicles
2008-10-09 17:32 --------- d-----w c:\program files\Warlords II
2008-10-04 19:53 --------- d-----w c:\program files\SuperTux
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL

.
((((((((((((((((((((((((((((( snapshot@2008-11-23_22.10.55.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-23 21:18:27 16,384 ----atw c:\windows\temp\Perflib_Perfdata_c44.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c2f3770-646b-fba4-49ff-e051f6a49645}]
2008-10-31 12:29 554496 --a------ c:\windows\system32\nswC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FA85BC-2553-9C79-A57E-C73F650E28E5}]
2008-11-19 12:17 325632 --a------ c:\windows\system32\shvryqncbibsehgly.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8B24FE8-6AA0-7D89-83FF-584886F42C51}]
2008-11-17 15:55 600576 --a------ c:\windows\system32\wwqxglygdwh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"wdmgr"="c:\windows\wdmgr.exe" [2008-10-18 414720]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 222768]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-27 2239000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 200704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 176128]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-06-25 957024]
"cliraudledbcf"="c:\windows\system32\shvryqncbibsehgly.dll" [2008-11-19 325632]
"nwiz"="nwiz.exe" [2007-11-28 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Reboot.exe [2002-08-20 452608]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 50176]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-14 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Realore\Tiny Cars 2\TinyCars2.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=
"c:\Program Files\Honor_pol\MOHAA.EXE"=
"d:\Metin2_PL\metin2.bin"=
"c:\WINDOWS\system32\regsvr32.exe"= c:\WINDOWS\System32\regsvr32.exe
"c:\Program Files\VDOTool\TBPanel.exe"=
"c:\Program Files\Common Files\Real\Update_OB\realsched.exe"=
"c:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"=
"c:\WINDOWS\system32\userinit.exe"=
"c:\WINDOWS\system32\nwiz.exe"=
"c:\Program Files\Logitech\SetPoint\SetPoint.exe"=
"c:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe"=
"c:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"=
"c:\Program Files\Real\RealPlayer\RealPlay.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\F-Secure Internet Security\Common\FSM32.EXE"=
"c:\WINDOWS\system32\netsh.exe"= c:\WINDOWS\System32\netsh.exe
"c:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Reboot.exe"=
"c:\Program Files\DNA\btdna.exe"=
"d:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Windows\wdmgr.exe"=
"c:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE"=
"c:\WINDOWS\system32\CF4996.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-25 79904]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fjnsgp.sys []
R3 RegKill;RegKill;c:\windows\system32\Drivers\RegKill.sys [2002-11-27 6400]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-07-14 41792]
S1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys []
S2 FSIHS;F-Secure Installer restarter;"c:\docume~1\ADMINI~1\USTAWI~1\Temp\Installer\00000001\bootstrap\fsihs.exe" []
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys []
S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe" [2008-10-25 125536]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2008-02-17 31899]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ee376c-dd8d-11dc-bddb-000ae6a3b6c8}]
\shEll\autopLaY\coMmAND - H:\qhiux.pif
\shEll\AutoRun\command - H:\qhiux.pif
\shEll\explore\cOmmAnd - H:\qhiux.pif
\shEll\oPEn\coMmaNd - H:\qhiux.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9c717c-16e0-11dd-be7f-000ae6a3b6c8}]
\Shell\aUtoplay\command - G:\lgpjj.cmd
\Shell\AutoRun\command - G:\lgpjj.cmd
\Shell\explOre\CoMmand - G:\lgpjj.cmd
\Shell\opEn\cOMMand - G:\lgpjj.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc1b400-adbd-11dd-8059-00304f615cb3}]
\Shell\auTOpLay\cOmmand - G:\svpnre.pif
\Shell\AutoRun\command - G:\svpnre.pif
\Shell\expLoRe\COmmaNd - G:\svpnre.pif
\Shell\OPeN\cOmMAnd - G:\svpnre.pif

.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\a5i38n5p.default\
FF -: plugin - c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 22:17:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\regsvr32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\WINDOW~2\wmplayer.exe
c:\docume~1\ADMINI~1\USTAWI~1\Temp\vsrw.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-23 22:21:30 - komputer został uruchomiony ponownie [Administrator]
ComboFix-quarantined-files.txt 2008-11-23 21:21:26

Przed: 6,500,421,632 bajtów wolnych
Po: 6,495,723,520 bajtów wolnych

237
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:21:50, on 2008-11-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Windows\wdmgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\vsrw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.797\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: adssite - {2c2f3770-646b-fba4-49ff-e051f6a49645} - C:\WINDOWS\system32\nswC.dll
O2 - BHO: rightonadz browser enhancer - {38FA85BC-2553-9C79-A57E-C73F650E28E5} - C:\WINDOWS\system32\shvryqncbibsehgly.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: mysidesearch search enhancer - {D8B24FE8-6AA0-7D89-83FF-584886F42C51} - C:\WINDOWS\system32\wwqxglygdwh.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [cliraudledbcf] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\shvryqncbibsehgly.dll"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [wdmgr] C:\Windows\wdmgr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Installer restarter (FSIHS) - Unknown owner - C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Installer\00000001\bootstrap\fsihs.exe (file missing)
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Leon1
(Leon$)
23 November 2008 21:48
#5
Start HijackThis >> Do a system scan only >> the log will appear in the program window >> tick the boxes next to the entries listed below >> click Fix checked
O2 - BHO: adssite - {2c2f3770-646b-fba4-49ff-e051f6a49645} - C:\WINDOWS\system32\nswC.dll
O2 - BHO: rightonadz browser enhancer - {38FA85BC-2553-9C79-A57E-C73F650E28E5} - C:\WINDOWS\system32\shvryqncbibsehgly.dll
O2 - BHO: mysidesearch search enhancer - {D8B24FE8-6AA0-7D89-83FF-584886F42C51} - C:\WINDOWS\system32\wwqxglygdwh.dll
O4 - HKLM\..\Run: [cliraudledbcf] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\shvryqncbibsehgly.dll"
O4 - HKCU\..\Run: [wdmgr] C:\Windows\wdmgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Start >> All Programs >> Startup >> delete Reboot.exe
Open Notepad and paste this into it:
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
Save it as plik.inf >> All files >> right-click the file >> Install >> restart
Open Notepad and paste
Save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
Removal should begin.
Then post the Combofix removal log.
Disinfect the pendrive or memory card http://www.softpedia.com/get/Security/S … Tool.shtml
Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724
or format it.
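Picking which HijackThis lines to fix, as done in the post above, comes down to a few heuristics: policy entries that lock out admin tools, BHOs living in system32 under random names, and Run entries that silently re-register a DLL or launch an executable dropped straight into the Windows directory. The following Python is an added example (not from this thread or from HijackThis) that applies those heuristics to sample lines taken from the log posted earlier; the function names and the "random name" threshold are my own assumptions.

```python
import re

# Constructed sample in HijackThis log shape: the suspicious lines are the ones
# posted in the thread, the first and fourth are benign entries from the same log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: adssite - {2c2f3770-646b-fba4-49ff-e051f6a49645} - C:\WINDOWS\system32\nswC.dll
O2 - BHO: rightonadz browser enhancer - {38FA85BC-2553-9C79-A57E-C73F650E28E5} - C:\WINDOWS\system32\shvryqncbibsehgly.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cliraudledbcf] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\shvryqncbibsehgly.dll"
O4 - HKCU\..\Run: [wdmgr] C:\Windows\wdmgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

BHO_RE = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^O7 - .*\\Policies\\System, (?P<policy>\w+)=(?P<value>\d+)$")
BINARY_RE = re.compile(r'([^\\\s"]+)\.(?:exe|dll)\b', re.IGNORECASE)
WINROOT_EXE_RE = re.compile(r'[a-z]:\\windows\\[^\\\s"]+\.exe', re.IGNORECASE)


def looks_random(stem):
    """Crude test for machine-generated names: long, letters only, few vowels."""
    s = stem.lower()
    if len(s) < 10 or not s.isalpha():
        return False
    return sum(c in "aeiouy" for c in s) / len(s) < 0.25


def triage(log_text):
    """Return [(identifier, [reasons])] for the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line, reasons = line.strip(), []
        if m := BHO_RE.match(line):
            path = m.group("path")
            ident = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path.lower():
                reasons.append("BHO loaded from system32 rather than Program Files")
            if looks_random(ident.rsplit(".", 1)[0]):
                reasons.append("random-looking file name")
        elif m := RUN_RE.match(line):
            ident, cmd = m.group("name"), m.group("cmd")
            if "regsvr32" in cmd.lower() and " /s " in cmd.lower():
                reasons.append("Run entry silently re-registers a DLL at every logon")
            if WINROOT_EXE_RE.search(cmd):
                reasons.append("executable placed directly in the Windows directory")
            if any(looks_random(stem) for stem in BINARY_RE.findall(cmd)):
                reasons.append("random-looking file name")
        elif m := POLICY_RE.match(line):
            ident = m.group("policy")
            if m.group("value") != "0":
                reasons.append("policy restriction on admin tools (typical malware lockout)")
        else:
            continue
        if reasons:
            findings.append((ident, reasons))
    return findings


if __name__ == "__main__":
    for ident, reasons in triage(SAMPLE_LOG):
        print(ident, "->", "; ".join(reasons))
```

On the sample above it flags exactly the five entries the post tells the user to fix and leaves the Adobe and NVIDIA entries alone; the heuristics are a first pass for a human reviewer, not a verdict.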
When I drag CFScript onto Combofix it says "ComboFix.exe has encountered a problem and will be closed. Sorry for the inconvenience".
huber2t
(huber2t)
24 November 2008 14:31
#7
Try it in Safe Mode.