Internet Options blocked


(Henio3 31) #1

Hello, this is my first time here and I hope this topic hasn't been raised yet.

I downloaded a small program, Vista Transformation Pack 7.0, from the dobre programy portal.

I installed it, and afterwards my home page got locked. I tried to do something about it but got nowhere, so I uninstalled it, and now I get a message saying

"This operation has been cancelled due to restrictions in effect on this computer.

Please contact your system administrator." So I ran scans with spy and ad, and they detected nothing of the sort, and I ran scans with HI and Silent, and here are the logs:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:17:17, on 2007-06-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

D:\Ad-Aware SE Personal\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\HiJacckThis_v2\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU..\Run: [skinClock] D:\Free Desktop Clock\DesktopClock.exe

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware SE Personal\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--

End of file - 4623 bytes

and Silent

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SkinClock" = "D:\Free Desktop Clock\DesktopClock.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Active Setup\Installed Components\

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = "Outlook Express"

\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = "flashget urlcatch"

-> {HKLM...CLSID} = "FGCatchUrl"

\InProcServer32(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)

-> {HKLM...CLSID} = "FlashGet GetFlash Class"

\InProcServer32(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"

-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{80933416-C33F-407E-BCC1-6246E3EE34DF}" = "ExtractNow"

-> {HKLM...CLSID} = "ExtractNow"

\InProcServer32(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" ["Nathan Moinvaziri"]

HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

ExtractNow(Default) = "{80933416-C33F-407E-BCC1-6246E3EE34DF}"

-> {HKLM...CLSID} = "ExtractNow"

\InProcServer32(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" ["Nathan Moinvaziri"]

TzShell(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

-> {HKLM...CLSID} = "TzShell"

\InProcServer32(Default) = "C:\PROGRA~1\tugzip\TUGZip\TzShell.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

ExtractNow(Default) = "{80933416-C33F-407E-BCC1-6246E3EE34DF}"

-> {HKLM...CLSID} = "ExtractNow"

\InProcServer32(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" ["Nathan Moinvaziri"]

TzShell(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

-> {HKLM...CLSID} = "TzShell"

\InProcServer32(Default) = "C:\PROGRA~1\tugzip\TUGZip\TzShell.dll" [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

"Homepage" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing home page settings}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoBrowserOptions" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|

Tools menu: Disable Internet Options... menu option}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\windowsxp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "windowsxp" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"

-> {HKLM...CLSID} = "FlashGet"

\InProcServer32(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


Ad-Aware 2007 Service, aawservice, ""D:\Ad-Aware SE Personal\aawservice.exe"" ["Lavasoft AB"]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 112 seconds.

---------- (total run time: 355 seconds)

Please help, as I don't want to remove anything on my own.


(Joan Sunshine) #2

Please wrap the logs in QUOTE or CODE tags > use the edit button.

Is this a restricted account?