Problem z plikami exe. Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Dziś pojawił się problem który uniemożliwia mi otwieranie plików exe, wyskakuje okienko otwórz za pomocą. Mam zablokowany dostęp do rejestru i menadżera zadań. Nie uruchamiają mi się żadne programy które były w autostarcie windows. W trybie awaryjnym to samo. Antywirusy sobie tez nie radzą. RegCure tez nie pomógł. Mam windowsa Xp professional.

Mój log : http://www.wklej.org/id/42167/

#2

Podaj log z Combofix

#3

Niestety lecz combofixa nie mogę uruchomić. Niektóre programy takie jak Hijack udało mi się uruchomić klikając ppm na jakimś spakowanym pliku owtórz za pomocą i HijackThis i otwierał mi się HijackThis :slight_smile: Combofix niestety w ten sposób nie chce się uruchomić.

#4

W czasie pobierania i skanowania combofixem zamknij wszelkie programy ochronne (Antywirusa, zaporę)

Jak nie pomoże:

Spróbuj podczas pobierania zapisać nie pod nazwą ComboFix.exe tylko z kreską pomiędzy:

Combo-Fix.exe

Jeśli to również:

Uruchom combofix w trybie awaryjnym

#5

Nie udało mi się uruchomić Combofixa ale usunąłem problem :slight_smile:

Zrobiłem tak…

Menu Start -> Uruchom -> gpedit.msc -> Konfiguracja użytkownika ->

Szablony administracyjne -> System -> Zapobiegaj dostępowi do narzędzi

edycji rejestru (Wyłączyć)

później…

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT.exe]

@=“exefile”

“Content Type”=“application/x-msdownload”

[HKEY_CLASSES_ROOT.exe\PersistentHandler]

@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]

@=“Application”

“EditFlags”=hex:38,07,00,00

“TileInfo”=“prop:FileDescription;Company;FileVersion”

“InfoTip”=“prop:FileDescription;Company;FileVersion;Create;Size”

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]

@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]

“EditFlags”=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]

@=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]

@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]

@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]

@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]

@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\regfile]

@=“Registration Entries”

“EditFlags”=dword:00100000

“BrowserFlags”=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\

2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]

@=“open”

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\

00

[HKEY_CLASSES_ROOT\regfile\shell\open]

@=“Mer≥”

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe “%1"”

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\

00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT.lnk]

@=“lnkfile”

[HKEY_CLASSES_ROOT.lnk\ShellEx]

[HKEY_CLASSES_ROOT.lnk\ShellEx{000214EE-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{000214F9-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{00021500-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellNew]

“Command”=“rundll32.exe appwiz.cpl,NewLinkHere %1”

[HKEY_CLASSES_ROOT\lnkfile]

@=“Shortcut”

“EditFlags”=dword:00000001

“IsShortcut”=""

“NeverShowExt”=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]

@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]

@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}]

@=“Shortcut”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\InProcServer32]

@=“shell32.dll”

“ThreadingModel”=“Apartment”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered{89BCB740-6119-101A-BCB7-00DD010655AF}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\ProgID]

@=“lnkfile”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT.exe]

@=“exefile”

“Content Type”=“application/x-msdownload”

[HKEY_CLASSES_ROOT.exe\PersistentHandler]

@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]

@=“Application”

“EditFlags”=hex:38,07,00,00

“TileInfo”=“prop:FileDescription;Company;FileVersion”

“InfoTip”=“prop:FileDescription;Company;FileVersion;Create;Size”

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]

@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]

“EditFlags”=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]

@=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]

@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]

@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]

@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]

@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\regfile]

@=“Registration Entries”

“EditFlags”=dword:00100000

“BrowserFlags”=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\

2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]

@=“open”

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\

00

[HKEY_CLASSES_ROOT\regfile\shell\open]

@=“Mer≥”

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe “%1"”

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\

00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT.lnk]

@=“lnkfile”

[HKEY_CLASSES_ROOT.lnk\ShellEx]

[HKEY_CLASSES_ROOT.lnk\ShellEx{000214EE-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{000214F9-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{00021500-0000-0000-C000-000000000046}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellEx{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT.lnk\ShellNew]

“Command”=“rundll32.exe appwiz.cpl,NewLinkHere %1”

[HKEY_CLASSES_ROOT\lnkfile]

@=“Shortcut”

“EditFlags”=dword:00000001

“IsShortcut”=""

“NeverShowExt”=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]

@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]

@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}]

@=“Shortcut”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\InProcServer32]

@=“shell32.dll”

“ThreadingModel”=“Apartment”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered{89BCB740-6119-101A-BCB7-00DD010655AF}]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\PersistentHandler]

@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\ProgID]

@=“lnkfile”

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

zapisałem to w notatniku jako exefix.reg

i wszystko śmiga :slight_smile:

#6

Może wszystko śmiga ale w logu HJT widać infekcje dlatego

Usuń te wpisy w HJT

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log - zaznacz kratki przy podanych wpisach - klikasz Fix checked

Pobierz Combofix przeskanuj system i daj log na forum.