wydawalo mi sie ze wszystko juz usunolem a tu taka niespodzianka
pojawia sie komunikat o tresci:
file:///c:/windows/privacy_danger/index.html
a pod nim biale okno
pomozcie jak to mozna usunac???
ok
Hijacka nie moge odpalic poniewaz pojawia sie komunikat o tresci:
“Uruchomienie tej aplikacji nie powiodlo sie, poniewaz nie znaleziono MSVBVM60.DLL. Ponowne zainstalowanie aplikacji pomoze naprawic problem”
Co odnosnie logow z silenta to:
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“PcSync” = “C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“SUPERAntiSpyware” = “C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [“SUPERAntiSpyware.com”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“HControl” = “C:\WINDOWS\ATK0100\HControl.exe” [empty string]
“IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]
“HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”]
“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]
“ZCfgSvc.exe” = “C:\WINDOWS\system32\ZCfgSvc.exe” [“Intel Corporation”]
“PRONoMgr.exe” = “C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe” [“Intel® Corporation”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Inc.”]
“NSLauncher” = “C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup” [null data]
“VX1000” = “C:\WINDOWS\vVX1000.exe” [MS]
“LifeCam” = ““C:\Program Files\Microsoft LifeCam\LifeExp.exe”” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)”
-> {HKLM…CLSID} = “Skype add-on (mastermind)”
\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”
-> {HKLM…CLSID} = “Nokia Phone Browser”
\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}” = (no title provided)
-> {HKLM…CLSID} = “SABShellExecuteHook Class”
\InProcServer32(Default) = “C:\Program Files\SUPERAntiSpyware\SASSEH.DLL” [“SuperAdBlocker.com”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<> “GinaDLL” = “iwpdgina.dll” [“Windows XP Bundled build C-Centric Single User”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> !SASWinLogon\DLLName = “C:\Program Files\SUPERAntiSpyware\SASWINLO.dll” [“SUPERAntiSpyware.com”]
<> igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”]
<> Sebring\DLLName = “C:\WINDOWS\system32\LgNotify.dll” [“Intel Corporation”]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Sebastian\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
“FriendlyName” = “Privacy Protection”
“Source” = “file:///C:\WINDOWS\privacy_danger\index.htm”
“SubscribedURL” = “”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Startup items in “Sebastian” & “All Users” startup folders:
C:\Documents and Settings\Sebastian\Menu Start\Programy\Autostart
<> “.protected” [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
<> “.protected” [null data]
“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
Enabled Scheduled Tasks:
“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
Running Services (Display Name, Service Name, Path {Service DLL}):
Autodata Limited License Service, Autodata Limited License Service, ““C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe”” [“Autodata Limited”]
Crypkey License, Crypkey License, “crypserv.exe” [“Kenonic Controls Ltd.”]
MSCamSvc, MSCamSvc, ““C:\Program Files\Microsoft LifeCam\MSCamS32.exe”” [MS]
RegSrvc, RegSrvc, “C:\WINDOWS\system32\RegSrvc.exe” [“Intel Corporation”]
ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”]
Spectrum24 Event Monitor, S24EventMonitor, “C:\WINDOWS\system32\S24EvMon.exe” ["Intel Corporation "]
StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
WLANKEEPER, WLANKEEPER, “C:\WINDOWS\system32\WLKeeper.exe” [“Intel® Corporation”]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = “hpzsnt10.dll” [“HP”]
---------- (launch time: 2007-08-29 17:58:08)
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 67 seconds, including 34 seconds for message boxes)
???
A wiec tak:
1.sorry moj blad
2.dziekuje plik skopiowany i hijack dziala
3.log z SDfixa
- log z hijacka
???
Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym nowy log z Deckard’s System Scanner
nie wiem czy juz sie mam cieszyc okno zniknelo :mrgreen:
dzieki bardzo :lol: :lol: :lol:
a ponizej log z DSS czy to juz koniec??
Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu
Czyszczenie rejestru:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
możesz rejestr przelecieć albo
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php
Zobacz - Obsługa jv16 PowerTools