cmd.EXE and ftp.EXE problem

28.02.06, 22:48
I can't end this in Task Manager; it says I don't have permission. How do I
change that? Until yesterday I could still do it. I switched from USB to a
network card and now I can't. I'll add that now I can't on USB either. How do
you change debugging privileges? I'm pasting a log, maybe you can help, pleeeease.
Logfile of HijackThis v1.99.1
Scan saved at 22:47:38, on 2006-02-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ypcwuqwy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
c:\winsysban12.exe
C:\Program Files\mozzila new\firefox.exe
C:\Documents and Settings\swiderro\Pulpit\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} -
C:\WINDOWS\System32\ssqpq.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} -
C:\WINDOWS\System32\ddabc.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
runtime
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINDOWS\System32\tcsvc.dll,start
O4 - HKLM\..\Run: [winsysupd] c:\\winsysupd12.exe
O4 - HKLM\..\Run: [winsysban] c:\\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames12.exe
O4 - HKLM\..\Run: [Microsoft FixUp] ypcwuqwy.exe
O4 - HKLM\..\RunServices: [Microsoft FixUp] ypcwuqwy.exe
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI
Technologies\ATI.ACE\CLI.exe
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o0pq0a75ed.dll
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\SYSTEM32\ssqpq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program
Files\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe

    • barracuda7110 Re: cmd.EXE and ftp.EXE problem 28.02.06, 23:19
      Your system is not updated: www.windowsupdate.com

      Second:
      > c:\winsysban12.exe
      End it in Task Manager, delete the file from disk and remove the entry in HijackThis.

      Delete:
      > O4 - HKLM\..\Run: [winsysupd] c:\\winsysupd12.exe
      > O4 - HKLM\..\Run: [winsysban] c:\\winsysban12.exe
      > O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames12.exe


      This is suspicious:
      > C:\WINDOWS\System32\ypcwuqwy.exe
      > O4 - HKLM\..\Run: [Microsoft FixUp] ypcwuqwy.exe
      > O4 - HKLM\..\RunServices: [Microsoft FixUp] ypcwuqwy.exe
      > O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
      > O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o0pq0a75ed.dll
      > O20 - Winlogon Notify: ssqpq - C:\WINDOWS\SYSTEM32\ssqpq.dll
      • kolobos Re: cmd.EXE and ftp.EXE problem 01.03.06, 11:57
        Also scan with:
        linorg.ciagri.usp.br/ftp/pub/windows/anti-spyware/ssfsetup1_0.exe
        download.ewido.net/ewido-setup.exe
        Update the definitions before scanning; after scanning, uninstall both
        programs.
        www.simplytech.it/L2MRemover/index_e.htm
        www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/Killme.shtml
        When everything is done, post a new log.
        • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 15:29
          I still can't remove the 02 and 20 entries. My browser is going crazy: it launches
          by itself, jumps to various pages, shrinks itself; it's simply impossible to
          work. A scandal. I still can't end the processes; it tells me I lack permissions, but
          I've set everything in Windows. That kill2me program finds nothing, and l2me
          remover finds two files and hangs.

          Logfile of HijackThis v1.99.1
          Scan saved at 15:24:30, on 2006-03-01
          Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Avast4\aswUpdSv.exe
          C:\Program Files\Avast4\ashServ.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\SYSTEM32\rundll32.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\devldr32.exe
          C:\PROGRA~1\Avast4\ashDisp.exe
          C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
          C:\Program Files\mozzila new\firefox.exe
          C:\Documents and Settings\swiderro\Pulpit\HijackThis\HijackThis.exe

          O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} -
          C:\WINDOWS\System32\ddabc.dll
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
          Panel\atiptaxx.exe"
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
          O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
          -lang 1033
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
          runtime
          O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program
          Files\Unlocker\UnlockerAssistant.exe
          O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI
          Technologies\ATI.ACE\CLI.exe
          O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
          O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mpdtcuiu.dll
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
          C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program
          Files\Avast4\ashServ.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
          - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

          • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 16:17
            I read up a bit and noticed that these pop-up windows are look2me. They give me
            no peace. How do I remove them? I also tried ETRemover_v212, but that one doesn't
            work at all: it starts, and when I choose scan it says the computer must be restarted
            before using this program, and after the restart it's the same. Maybe the log from
            VX2Finder will help. Please help.
            Files Found---

            Additional Files---

            Keys Under Notify---
            ddabc
            policies


            Guardian Key-
            • barracuda7110 Re: cmd.EXE and ftp.EXE problem 01.03.06, 18:14
              Try in safe mode, or see whether the killbox program can handle it.
          • kolobos Re: cmd.EXE and ftp.EXE problem 01.03.06, 19:08
            What remains:
            O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} -
            C:\WINDOWS\System32\ddabc.dll <- unregister this: Start->Run->regsvr32 /u
            C:\WINDOWS\System32\ddabc.dll, then delete the file and both entries.
            O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
            O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mpdtcuiu.dll <- you
            still have look2me.

            Try running the l2m removal programs in safe mode, and if they don't
            work, remove it manually:
            www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=30&p=109496&#entry114917
            • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 20:52
              Many thanks, I managed to delete the files in text mode. I'm pasting the repaired log.
              I'd like to end cmd.exe and ftp.exe in Task Manager, but it tells me access
              denied. Why? Yesterday I could still do it. Does that mean I still have something
              malicious in the system? I haven't changed any settings, so what could have happened?
              Please help if possible.

              Logfile of HijackThis v1.99.1
              Scan saved at 20:46:03, on 2006-03-01
              Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\System32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Avast4\aswUpdSv.exe
              C:\Program Files\Avast4\ashServ.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\cmd.exe
              C:\PROGRA~1\Avast4\ashDisp.exe
              C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
              C:\Program Files\DAEMON Tools\daemon.exe
              C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
              C:\WINDOWS\System32\devldr32.exe
              C:\WINDOWS\SYSTEM32\ftp.exe
              C:\Program Files\Unlocker\UnlockerAssistant.exe
              C:\Program Files\mozzila new\firefox.exe
              C:\Documents and Settings\swiderro\Pulpit\HijackThis\HijackThis.exe

              O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
              Panel\atiptaxx.exe"
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
              O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
              -lang 1033
              O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
              runtime
              O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
              O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program
              Files\Unlocker\UnlockerAssistant.exe
              O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI
              Technologies\ATI.ACE\CLI.exe
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
              C:\Program Files\Avast4\aswUpdSv.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
              C:\WINDOWS\System32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program
              Files\Avast4\ashServ.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
              - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

              • kolobos Re: cmd.EXE and ftp.EXE problem 01.03.06, 21:04
                Are you logged in as a user with administrator rights?
                Paste the log from:
                www.silentrunners.org/Silent%20Runners.vbs
                • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 21:09
                  Well, I am logged in as admin.
                  Man, you're just GREAT, I don't understand anything in this log. Thanks!

                  'Silent Runners.vbs
                  • kolobos Re: cmd.EXE and ftp.EXE problem 01.03.06, 21:16
                    You're supposed to download this file to disk and run it, not open it and paste
                    its contents...
                    • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 21:36
                      I have the file sr.vbr, and when I click on it I get a Windows message:

                      Host skryptów systemu windows
                      skrypt: c:\dokument and settigs\swiderro\pulpit\silientRunners.vbs
                      wiersz:644
                      znak:2
                      Błąd:0x80041003
                      Kod:80041003
                      Źródło:(null)
                      • kolobos Re: cmd.EXE and ftp.EXE problem 01.03.06, 22:00
                        You're probably not logged in as an administrator after all...
                        • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 22:07
                          In Control Panel, under User Accounts, it clearly says swiderro,
                          computer administrator. Something is wrong.
                          • Guest: k Re: cmd.EXE and ftp.EXE problem IP: *.warszawa.sdi.tpnet.pl 01.03.06, 22:28
                            Try running it in safe mode.
                            • swiderro69 Re: cmd.EXE and ftp.EXE problem 02.03.06, 10:24
                              "Silent Runners.vbs", revision 43, www.silentrunners.org/
                              Operating System: Windows XP
                              Output limited to non-default values, except where indicated by "{++}"


                              Startup items buried in registry:
                              ---------------------------------

                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                              "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe""
                              ["ATI Technologies, Inc."]
                              "avast!" = "C:\PROGRA~1\Avast4\ashDisp.exe" [null data]
                              "AudioHQ" = "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative
                              Technology Ltd."]
                              "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT
                              Soft Ltd."]
                              "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
                              "WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek
                              Research Inc."]
                              "UnlockerAssistant" = "C:\Program Files\Unlocker\UnlockerAssistant.exe" [null data]

                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
                              "Flag" = (empty string)

                              HKLM\Software\Microsoft\Active Setup\Installed Components\
                              {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                              \StubPath =
                              ""C:\WINDOWS\System32\rundll32.exe" "C:\Program
                              Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

                              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                              {20D57A66-F7DF-467d-907B-9B7F4A118AB7}\(Default) = (no title provided)
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ddccd.dll" [null data]

                              HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                              "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
                              ["Hilgraeve, Inc."]
                              "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                              [null data]
                              "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                              ["ALWIL Software"]
                              "{7A4097B2-6022-4670-995F-DA363EBF947F}" = "Custom shell context menu extension"
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                              string]
                              "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
                              -> {CLSID}\InProcServer32\(Default) =
                              "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
                              "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
                              -> {CLSID}\InProcServer32\(Default) =
                              "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
                              "{65915652-50B1-4F60-AA68-98E4FC1AC4D3}" = (no title provided)
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mnqm.dll" [file not
                              found]
                              "{CAC48E5D-781E-4B97-9318-656D7BC8DB8D}" = (no title provided)
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file
                              not found]
                              "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program
                              Files\Unlocker\UnlockerCOM.dll" [null data]

                              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
                              INFECTION WARNING! "{20D57A66-F7DF-467d-907B-9B7F4A118AB7}" = (no title provided)
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ddccd.dll" [null data]

                              HKLM\System\CurrentControlSet\Control\Session Manager\
                              INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not
                              found], [MS], [file not found], [file not found]

                              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
                              INFECTION WARNING! ddccd\DLLName = "ddccd.dll" [null data]

                              HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                              avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                              ["ALWIL Software"]
                              Custom shell context menu extension\(Default) =
                              "{7A4097B2-6022-4670-995F-DA363EBF947F}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                              string]
                              WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                              [null data]

                              HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                              Custom shell context menu extension\(Default) =
                              "{7A4097B2-6022-4670-995F-DA363EBF947F}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                              string]
                              WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                              [null data]

                              HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
                              avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                              ["ALWIL Software"]
                              UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program
                              Files\Unlocker\UnlockerCOM.dll" [null data]
                              WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                              [null data]


                              Active Desktop and Wallpaper:
                              -----------------------------

                              Active Desktop is disabled at this entry:
                              HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


                              Startup items in "swiderro" & "All Users" startup folders:
                              ----------------------------------------------------------

                              C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
                              "ATI CATALYST – pasek zadań" -> shortcut to: "C:\Program Files\ATI
                              Technologies\ATI.ACE\CLI.exe SystemTray" [null data]


                              Winsock2 Service Provider DLLs:
                              -------------------------------

                              Namespace Service Providers

                              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
                              {++}
                              000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                              000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
                              000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

                              Transport Service Providers

                              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
                              {++}
                              0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                              %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
                              %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


                              Toolbars, Explorer Bars, Extensions:
                              ------------------------------------

                              Toolbars

                              HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
                              "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
                              -> {CLSID}\InProcServer32\(Default) = "c:\program
                              files\google\googletoolbar1.dll" ["Google Inc."]


                              Running Services (Display Name, Service Name, Path {Service DLL}):
                              ------------------------------------------------------------------

                              Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI
                              Technologies Inc."]
                              avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe""
                              [null data]
                              avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe""
                              [null data]
                              Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


                              ----------
                              + This report excludes default entries except where indicated.
                              + To see *everywhere* the script checks and *everything* it finds,
                              launch it from a command prompt or a shortcut with the -all parameter.
                              + To search all directories of local fixed drives for DESKTOP.INI
                              DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
                              use the -supp parameter or answer "No" at the first message box.
                              --------
                              • kolobos Re: cmd.EXE and ftp.EXE problem 02.03.06, 13:12
                                Disable the service: Windows User Mode Driver Framework
                                In Start->Run->services.msc

                                Run regedit, go to:
                                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
                                "Flag" = (empty string) <- delete this

                                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                                {20D57A66-F7DF-467d-907B-9B7F4A118AB7}\(Default) = (no title provided) <- delete
                                this entry

                                HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                                "{65915652-50B1-4F60-AA68-98E4FC1AC4D3}" = (no title provided) <- and this one

                                "{CAC48E5D-781E-4B97-9318-656D7BC8DB8D}" = (no title provided)
                                -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file
                                not found] <- delete this one too.

                                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
                                INFECTION WARNING! "{20D57A66-F7DF-467d-907B-9B7F4A118AB7}" = (no title
                                provided) <- and this one

                                HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
                                INFECTION WARNING! ddccd\DLLName = "ddccd.dll" [null data] <- and this one, and
                                delete the file from disk!

                                eh...
                                • swiderro69 Re: cmd.EXE and ftp.EXE problem 02.03.06, 15:09
                                  I don't know anymore; now I can't move, rename or delete
                                  any folders or files. It tells me that explorer.exe caused an error and
                                  will be closed.

                                  "Silent Runners.vbs", revision 43, www.silentrunners.org/
                                  Operating System: Windows XP
                                  Output limited to non-default values, except where indicated by "{++}"


                                  Startup items buried in registry:
                                  ---------------------------------

                                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                                  "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe""
                                  ["ATI Technologies, Inc."]
                                  "avast!" = "C:\PROGRA~1\Avast4\ashDisp.exe" [null data]
                                  "AudioHQ" = "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative
                                  Technology Ltd."]
                                  "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT
                                  Soft Ltd."]
                                  "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
                                  "WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek
                                  Research Inc."]
                                  "UnlockerAssistant" = "C:\Program Files\Unlocker\UnlockerAssistant.exe" [null data]

                                  HKLM\Software\Microsoft\Active Setup\Installed Components\
                                  {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                  \StubPath =
                                  ""C:\WINDOWS\System32\rundll32.exe" "C:\Program
                                  Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

                                  HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                                  "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
                                  ["Hilgraeve, Inc."]
                                  "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                  [null data]
                                  "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                                  ["ALWIL Software"]
                                  "{7A4097B2-6022-4670-995F-DA363EBF947F}" = "Custom shell context menu extension"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                                  string]
                                  "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
                                  -> {CLSID}\InProcServer32\(Default) =
                                  "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
                                  "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
                                  -> {CLSID}\InProcServer32\(Default) =
                                  "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
                                  "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program
                                  Files\Unlocker\UnlockerCOM.dll" [null data]

                                  HKLM\System\CurrentControlSet\Control\Session Manager\
                                  INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not
                                  found], [MS], [file not found], [file not found]

                                  HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                                  avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                                  ["ALWIL Software"]
                                  Custom shell context menu extension\(Default) =
                                  "{7A4097B2-6022-4670-995F-DA363EBF947F}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                                  string]
                                  WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                  [null data]

                                  HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                                  Custom shell context menu extension\(Default) =
                                  "{7A4097B2-6022-4670-995F-DA363EBF947F}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shctxex.dll" [empty
                                  string]
                                  WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                  [null data]

                                  HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
                                  avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll"
                                  ["ALWIL Software"]
                                  UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program
                                  Files\Unlocker\UnlockerCOM.dll" [null data]
                                  WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                  [null data]


                                  Active Desktop and Wallpaper:
                                  -----------------------------

                                  Active Desktop is disabled at this entry:
                                  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


                                  Startup items in "swiderro" & "All Users" startup folders:
                                  ----------------------------------------------------------

                                  C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
                                  "ATI CATALYST – pasek zadań" -> shortcut to: "C:\Program Files\ATI
                                  Technologies\ATI.ACE\CLI.exe SystemTray" [null data]


                                  Winsock2 Service Provider DLLs:
                                  -------------------------------

                                  Namespace Service Providers

                                  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
                                  {++}
                                  000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                                  000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
                                  000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

                                  Transport Service Providers

                                  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
                                  {++}
                                  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                                  %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
                                  %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


                                  Toolbars, Explorer Bars, Extensions:
                                  ------------------------------------

                                  Toolbars

                                  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
                                  "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
                                  -> {CLSID}\InProcServer32\(Default) = "c:\program
                                  files\google\googletoolbar1.dll" ["Google Inc."]

                                  "{44BE0690-5429-47F0-85BB-3FFD8020233E}" = "UCmore XP - The Search Accelerator"
                                  [from CLSID]
                                  -> {CLSID}\InProcServer32\(Default) = "C:\Program
                                  Files\TheSearchAccelerator\UCMTSAIE.dll" ["Effective-i Inc."]


                                  All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
                                  ---------------------------------------------------------------------------

                                  ASP.NET State Service, aspnet_state,
                                  "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
                                  Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI
                                  Technologies Inc."]
                                  ATI Smart, ATI Smart, "C:\WINDOWS\system32\ati2sgag.exe" [empty string]
                                  avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe""
                                  [null data]
                                  avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe""
                                  [null data]
                                  InstallDriver Table Manager, IDriverT, "C:\Program Files\Common
                                  Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" ["Macrovision Corporation"]
                                  Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
                                  Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe
                                  -k netsvcs" {"C:\WINDOWS\System32\MsPMSNSv.dll" [MS]}
                                  Usługa administracyjna Menedżera dysków logicznych, dmadmin,
                                  "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]


                                  ----------
                                  + This report excludes default entries except where indicated.
                                  + To see *everywhere* the script checks and *everything* it finds,
                                  launch it from a command prompt or a shortcut with the -all parameter.
                                  + To search all directories of local fixed drives for DESKTOP.INI
                                  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
                                  use the -supp parameter or answer "No" at the first message box.
                                  --------
                                  • Guest: k Re: cmd.EXE and ftp.EXE problem IP: *.warszawa.sdi.tpnet.pl 02.03.06, 15:40
                                    I see you've installed yourself some new spyware:
                                    "{44BE0690-5429-47F0-85BB-3FFD8020233E}" = "UCmore XP - The Search Accelerator"
                                    [from CLSID]
                                    -> {CLSID}\InProcServer32\(Default) = "C:\Program
                                    Files\TheSearchAccelerator\UCMTSAIE.dll" ["Effective-i Inc."]

                                    So what's the point of removing things if you break something again right away?
                                    Scan the system once more with what I gave you at the beginning.

                                    Maybe it would be better if you reinstall the system, install the updates,
                                    a firewall, an antivirus and a different browser, e.g. Opera or Firefox, and stop
                                    installing spyware etc...
                                    • swiderro69 Re: cmd.EXE and ftp.EXE problem 02.03.06, 16:27
                                      you know, the strangest thing is that I didn't download anything. When I restart the computer,
                                      avast howls that it found viruses and removes them, and after the next restart it's the same,
                                      the same files, and avast howls again. And the problem with explorer is still there. I don't really
                                      feel like formatting because I have important materials from university
                                      • Guest: k Re: cmd.EXE and ftp.EXE problem IP: *.warszawa.sdi.tpnet.pl 02.03.06, 16:29
                                        So copy what's important to another partition or burn it to a disc.
    • swiderro69 Re: cmd.EXE and ftp.EXE problem 01.03.06, 21:42
      I didn't notice, but when I ran this SR another text file like this also appeared
      "Silent Runners.vbs", revision 43, www.silentrunners.org/
      Operating System: Windows XP
      Output limited to non-default values, except where indicated by "{++}"