2 small problems :)
#1
I have problems such as:
1. Various websites frequently shut down with the message:

[To see links, register here]

2. During system shutdown, the message: Closing the program sw.
What is sw?

My log:
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 18:29:30, on 2006-11-25
Platform: Windows XP(WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSSystem32ctfmon.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsLida & wojtASPulpithijackthis.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [To see links, register here]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [To see links, register here]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM..Run: [WooCnxMon]C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH]C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON]C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics]"C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [NvCplDaemon]RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter]RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [avgnt]"C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [CountrySelection]pctptt.exe
O4 - HKLM..Run: [SmcService]C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKCU..Run: [CTFMON.EXE]C:WINDOWSSystem32ctfmon.exe
O8 - Extra context menu item: &Search - [To see links, register here]
O8 - Extra context menu item: Subskrybuj w RssSpeed - [To see links, register here] FilesRssSpeedadd_feed.htm
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - [To see links, register here]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [To see links, register here]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [To see links, register here]
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - [To see links, register here]
O17 - HKLMSystemCCSServicesTcpip..{89CF2CE1-B2A5-47E1-B9B5-A057EE89CDC5}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:WINDOWSSystem32textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: rpcc - C:WINDOWSSystem32rpcc.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:WINDOWSSystem32vbsys2.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: IomegaAccess - Unknown owner - C:Program FilesIomegaTools_NTIOMEGAACCESS.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:WINDOWSsystem32pctspk.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:Program FilesSygateSPFsmc.exe
O23 - Service: ZipToA - Unknown owner - C:WINDOWSSystem32ZipToA.exe


Please help.
#2
Remove these entries with HijackThis:
Quote:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O8 - Extra context menu item: &Search - [To see links, register here]
O20 - Winlogon Notify: rpcc - C:WINDOWSSystem32rpcc.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:WINDOWSSystem32vbsys2.dll (file missing)

After these steps, post a new HijackThis log + a log from [To see links, register here]
#3
OK, thanks.

New HijackThis log:
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:21, on 2006-11-27
Platform: Windows XP(WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32ctfmon.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
c:program filesinternet exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsLida & wojtASPulpithijackthis.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [To see links, register here]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [To see links, register here]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [WooCnxMon]C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH]C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON]C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics]"C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [NvCplDaemon]RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter]RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [avgnt]"C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [CountrySelection]pctptt.exe
O4 - HKLM..Run: [SmcService]C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKCU..Run: [CTFMON.EXE]C:WINDOWSSystem32ctfmon.exe
O8 - Extra context menu item: Subskrybuj w RssSpeed - [To see links, register here] FilesRssSpeedadd_feed.htm
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - [To see links, register here]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [To see links, register here]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [To see links, register here]
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - [To see links, register here]
O17 - HKLMSystemCCSServicesTcpip..{89CF2CE1-B2A5-47E1-B9B5-A057EE89CDC5}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:WINDOWSSystem32textwareilluminatorbaseProtocol.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: IomegaAccess - Unknown owner - C:Program FilesIomegaTools_NTIOMEGAACCESS.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:WINDOWSsystem32pctspk.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:Program FilesSygateSPFsmc.exe
O23 - Service: ZipToA - Unknown owner - C:WINDOWSSystem32ZipToA.exe



Code from Silent Runners:
Quote:
"Silent Runners.vbs", revision 49, [To see links, register here]

Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"CTFMON.EXE" = "C:WINDOWSSystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [empty string]
"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1TaskbarIcon.exe" ["France Télécom R&D"]
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit" [MS]
"avgnt" = ""C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"SmcService" = "C:PROGRA~1SygateSPFsmc.exe -startgui" ["Sygate Technologies, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{C08DF07A-3E49-4E25-9AB0-D3882835F153}(Default) = (no title provided)
-> {HKLM...CLSID} = "QUICKfind BHO Object"
InProcServer32(Default) = "C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll" [null data]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSSystem32Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt"
InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.2programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.2programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.2programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.2programshlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
TzShell(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
-> {HKLM...CLSID} = "TzShell"
InProcServer32(Default) = "C:PROGRA~1TUGZipTzShell.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
jetAudio(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
jetAudio(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
TzShell(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
-> {HKLM...CLSID} = "TzShell"
InProcServer32(Default) = "C:PROGRA~1TUGZipTzShell.dll" [null data]


Default executables:
--------------------

HKCUSoftwareClasses.bat(Default) = (value not set)

HKCUSoftwareClasses.cmd(Default) = (value not set)

HKCUSoftwareClasses.com(Default) = (value not set)

HKCUSoftwareClasses.exe(Default) = (value not set)


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:Documents and SettingsLida & wojtASUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsLida & wojtASDane aplikacjiMicrosoftInternet ExplorerTapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSKROLEW~2.SCR" (Krolewskie-4.scr) [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%system32mswsock.dll [MS] , 01 - 03, 06 - 15
%SystemRoot%system32rsvpsp.dll [MS] , 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{AFC3FA82-AD07-45CD-8B57-983435B9899E}
"ButtonText" = "Free Surfer"
"MenuText" = "Free Surfer"
"Exec" = "C:Program FilesFree SurferFS20.exe" ["EMS-Project 2002 ©"]


Miscellaneous IE Hijack Points
------------------------------

HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:Program FilesAntiVir PersonalEdition Classicavguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:Program FilesAntiVir PersonalEdition Classicsched.exe" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSSystem32nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:Program FilesSygateSPFsmc.exe" ["Sygate Technologies, Inc."]
W2k PCtel speaker phone, Pctspk, "C:WINDOWSsystem32pctspk.exe" ["PCtel, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSSystem32wdfmgr.exe" [MS]


----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 343 seconds.
---------- (total run time: 1162 seconds)
#4
The logs are clean.
#5
Thanks for the help. :D "Sw" no longer shows up when shutting down the system, but I don't know what to do about some websites shutting down with an iexplore.exe error, e.g. gono or film.web.
Do you know how to turn off the refreshing of the bottom Windows bar? :?: Really annoying.
#6
About that error: uninstall IE and install something solid like Opera, Firefox, etc. Eh, this has been said so many times. :P (Though of course the browser alone won't settle the matter, but it does provide security to some degree.)
DON'T BE SURPRISED WHEN SOMETHING BREAKS ON YOU IN IE! That's normal. :P


PS. Don't mind that I have IE myself; lately I've been having problems with my systems, today this one, tomorrow maybe another. :D
#7
dymek9229 wrote: Uninstall IE


If he uninstalls IE, his system will fall apart.

dymek9229 wrote: install something solid like Opera, Firefox, etc. Eh, this has been said so many times. :/ but it's worth repeating


Where and when? :roll:

dymek9229 wrote: DON'T BE SURPRISED WHEN SOMETHING BREAKS ON YOU IN IE! That's normal


That I can agree with.

But dymek9229, look at the bottom right corner of your post.
I see that you use IE, which you have only just criticized so harshly.
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
#8
Sorry for misleading you, because this sw appears when I use Office. Why would my system break after uninstalling IE? Others use Firefox etc., after all. :?:
#9
IE is part of Windows; if you throw out IE, the only rescue will be a format.


wojtAS wrote: others use Firefox, after all


But they still have IE.

Update:

Anyway, read this:

[To see links, register here]

#10
OK. Thanks for the link, but tell me, can I do it so that I install e.g. FF but it won't be the default? (And I would use it only for those sites that shut down.) Or will the problem not go away at all and the pages will keep shutting down?
#11
Sure, you can do that. After installation, on the first attempt to launch the browser, you will be asked whether you want it to be the default. You click No and enjoy. :)
#12
I have one more question.
Often when going online, the application csrss.exe asks for permission.
From the site:

[To see links, register here]

I learned that it is a worm, and from:

[To see links, register here]

that it is an important process, and I don't know whether to allow it to connect or not.
I have such a file in two folders:
C:WINDOWSsystem32 and in
C:WINDOWSSoftwareDistributionDownload(lots of letters and numbers)
#13
In that case, post a HijackThis log here. It's possible you have some junk in the system.
#14
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 14:21:28, on 2006-12-24
Platform: Windows XP(WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesJavajre1.5.0_09binjusched.exe
C:WINDOWSSystem32ctfmon.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesShareazaShareaza.exe
D:Nasze dokumentywojtASProgramyDraco Organizer 3Organizer.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:Nasze dokumentywojtASProgramyNarzędziahijackthis.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [To see links, register here]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [To see links, register here]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [WooCnxMon]C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH]C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON]C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics]"C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [NvCplDaemon]RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter]RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [avgnt]"C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [CountrySelection]pctptt.exe
O4 - HKLM..Run: [SmcService]C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM..Run: [SunJavaUpdateSched]"C:Program FilesJavajre1.5.0_09binjusched.exe"
O4 - HKCU..Run: [CTFMON.EXE]C:WINDOWSSystem32ctfmon.exe
O8 - Extra context menu item: Subskrybuj w RssSpeed - [To see links, register here] FilesRssSpeedadd_feed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:Program FilesFree SurferFS20.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - [To see links, register here]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [To see links, register here]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [To see links, register here]
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - [To see links, register here]
O17 - HKLMSystemCCSServicesTcpip..{89CF2CE1-B2A5-47E1-B9B5-A057EE89CDC5}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:WINDOWSSystem32textwareilluminatorbaseProtocol.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: IomegaAccess - Unknown owner - C:Program FilesIomegaTools_NTIOMEGAACCESS.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:WINDOWSsystem32pctspk.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:Program FilesSygateSPFsmc.exe
O23 - Service: ZipToA - Unknown owner - C:WINDOWSSystem32ZipToA.exe
#15
There is nothing in the log. To be sure, also post a log from

[To see links, register here]

and

[To see links, register here]

#16
A technical question about Firefox:
how do I download a multimedia file which, when you click the link, opens a program (e.g. WMP)? In IE, after clicking "Save Target As..." it downloads nicely, but in Firefox it can't be done. It downloads e.g. a *.php file for me (in IE everything is OK).


Silent Runners:
Quote:
"Silent Runners.vbs", revision 49, [To see links, register here]

Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"CTFMON.EXE" = "C:WINDOWSSystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [empty string]
"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1TaskbarIcon.exe" ["France Télécom R&D"]
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit" [MS]
"avgnt" = ""C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"SmcService" = "C:PROGRA~1SygateSPFsmc.exe -startgui" ["Sygate Technologies, Inc."]
"SunJavaUpdateSched" = ""C:Program FilesJavajre1.5.0_09binjusched.exe"" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_09binssv.dll" ["Sun Microsystems, Inc."]
{C08DF07A-3E49-4E25-9AB0-D3882835F153}(Default) = (no title provided)
-> {HKLM...CLSID} = "QUICKfind BHO Object"
InProcServer32(Default) = "C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
-> {HKLM...CLSID} = "TzShell"
\InProcServer32\(Default) = "C:\PROGRA~1\TUGZip\TzShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
-> {HKLM...CLSID} = "TzShell"
\InProcServer32\(Default) = "C:\PROGRA~1\TUGZip\TzShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKCU\Software\Classes\.bat\(Default) = (value not set)

HKCU\Software\Classes\.cmd\(Default) = (value not set)

HKCU\Software\Classes\.com\(Default) = (value not set)

HKCU\Software\Classes\.exe\(Default) = (value not set)


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Lida & wojtAS\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lida & wojtAS\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS] , 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS] , 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{AFC3FA82-AD07-45CD-8B57-983435B9899E}\
"ButtonText" = "Free Surfer"
"MenuText" = "Free Surfer"
"Exec" = "C:\Program Files\Free Surfer\FS20.exe" ["EMS-Project 2002 ©"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
W2k PCtel speaker phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 830 seconds.
---------- (total run time: 3167 seconds)
#17
Use [To see links, register here].

As for FF... Everything is fine on my end. Check in the drop-down list at the bottom what type it is saving the file as.
#18
from that unHook I get something like this:
Quote:
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
#19
Now paste this into Notepad and save it as UnHookExec.inf.
Right-click the file and choose Install.
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
#20
It's not quite the way bodek wrote. Saving it that way won't do anything.

Right-click this link -> [To see links, register here] -> Save Target As -> save it (preferably on the desktop) ->
bodek wrote: Right-click the file and choose Install
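
What the UnHookExec.inf quoted in post #18 writes when it is installed, as an added example that is not part of the thread or of Symantec's tool: it parses the [UnhookRegKey] AddReg lines and compares them with a registry snapshot. The snapshot, example.exe and the function names are constructed for illustration, and the backslash separators in the embedded INF text are an assumption.

```python
import csv

# Constructed copy of the [UnhookRegKey] section from the thread; the "\" path
# separators are written out here as an assumption about the original file.
INF_TEXT = r'''
[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
'''

def parse_addreg(inf_text, section):
    """Return {(root, subkey, value_name): data} for one AddReg section."""
    entries, active = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            active = line.strip("[]").lower() == section.lower()
        elif active:
            # Fields are comma separated; "" inside a quoted field is one quote.
            f = next(csv.reader([line], skipinitialspace=True))
            f += [""] * (5 - len(f))  # root, subkey, name, flags, data
            entries[(f[0].upper(), f[1].lower(), f[2])] = ",".join(f[4:])
    return entries

def audit(snapshot, expected):
    """List (key, current, wanted) where a present value differs from the INF."""
    return [(k, snapshot[k], want) for k, want in expected.items()
            if k in snapshot and snapshot[k] != want]

# Constructed registry snapshot: example.exe is a made-up handler, not from the thread.
SNAPSHOT = {
    ("HKLM", r"software\classes\exefile\shell\open\command", ""): r'C:\WINDOWS\example.exe "%1" %*',
    ("HKLM", r"software\classes\comfile\shell\open\command", ""): '"%1" %*',
    ("HKCU", r"software\microsoft\windows\currentversion\policies\system",
     "DisableRegistryTools"): "1",
}

if __name__ == "__main__":
    for (root, subkey, name), have, want in audit(SNAPSHOT, parse_addreg(INF_TEXT, "UnhookRegKey")):
        print(f"{root}\\{subkey} [{name or '(Default)'}]: {have!r} -> {want!r}")
```

On a live system the snapshot would be filled from the registry (for example with Python's winreg module) before calling audit.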