brak aktiwe desktop,menu start, paska zadań win xp

[awja]

Witam.
Przy usuwaniu zarazonych plików (usuwałem Awastem, wszystko jak szło także z katalogów system i system32) komputer startuje, po zalogowaniu jjest pusty pulpit, bez paska stanu, menu start i ikon pulpitu, włącza się Explorer, więc można korzystać z kompa ale...
Posyłam logi i proszę znawców o pomoc.
Nie mogę przeinstalować systemu.

Kod: Zaznacz wszystko

[quote]Logfile of HijackThis v1.99.1
Scan saved at 20:53:25, on 2005-12-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\centrala\Moje dokumenty\ap\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\centrala\USTAWI~1\Temp\_tc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaqqk.exe reg_run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: TERMINARZ.lnk = C:\Program Files\CONTEC\Telbaza2\Sched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135187544437
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F72CABE-FFAD-4761-96D4-01CA1772A789}: NameServer = 192.168.174.20
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0lsla371d.dll (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)


Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

[/quote]
Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"CU1" = "C:\Program Files\Common Files\VCClient\VCClient.exe" [null data]
"CU2" = "C:\Program Files\Common Files\VCClient\VCMain.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]
"WinVNC" = ""C:\Program Files\TightVNC\WinVNC.exe" -servicehelper" ["AT&T Research Labs Cambridge"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"timessquare" = "C:\windows\timessquare.exe" [file not found]
"Microsoft Office" = "C:\WINDOWS\System32\msvcp.exe" [null data]
"winsync" = "C:\WINDOWS\System32\yaqqk.exe reg_run" [file not found]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"*Restore" = "C:\WINDOWS\system32\restore\rstrui.exe -i" [MS]
"MicrosoftAntiSpywareCleaner" = "C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.0\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{5CDEF874-B193-11D5-9C8F-0020AF16D64A}" = "PROInfTip Object"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\PCSCHE~1\PROinf.dll" ["DpS CAD-center ApS"]
"{B39B63C3-B26B-11D5-9C92-0020AF16D64A}" = "TPROProp Object"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\PCSCHE~1\PROprop.dll" ["DpS CAD-center ApS"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AD142906-7DFF-4D29-A33B-C9D870E38E99}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cUrds.dll" [file not found]
"{909AE410-F579-4021-9601-8198FF1CCFAA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "run" = "C:\WINDOWS\inet20001\winlogon.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! msupdate\DLLName = "msupdate32.dll" [file not found]
INFECTION WARNING! ThemeManager\DLLName = "C:\WINDOWS\system32\m0lsla371d.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
gyssq\(Default) = "{0dc149b4-c31e-410a-ade3-b021127f9423}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\gmqql.dll" [file not found]


Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Enable Active Desktop}

HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Active Desktop Wallpaper|Wallpaper Name:}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop enabled via Group Policy.

Wallpaper selected via Group Policy.


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "centrala" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\centrala\Menu Start\Programy\Autostart
"TERMINARZ" -> shortcut to: "C:\Program Files\CONTEC\Telbaza2\Sched.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "C:\WINDOWS\nsdb"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Message Queuing, MSMQ, "C:\WINDOWS\System32\mqsvc.exe" [MS]
Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\System32\mqtgsvc.exe" [MS]
Publikowanie za pomocą usługi  FTP, MSFtpsvc, "C:\WINDOWS\System32\inetsrv\inetinfo.exe" [MS]
VNC Server, winvnc, ""C:\Program Files\TightVNC\WinVNC.exe" -service" ["AT&T Research Labs Cambridge"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
LPR Port\Driver = "lprmon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 123 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 55 seconds.
---------- (total run time: 279 seconds)


[jeff]

poczytaj

http://forum.programosy.pl/hijackthis-gtobsuga-i-umieszczanie-loga-vt9452.html

i zobacz jak sie umieszcza log-a w tagach


przenosze

[Tom@szek]

Kasacja pod awaryjnym po wyłączeniu przywracania systemu, pogrubione pliki ręcznie usuwasz z systemu:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaqqk.exe reg_run

O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe

O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: TERMINARZ.lnk = C:\Program Files\CONTEC\Telbaza2\Sched.exe

O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0lsla371d.dll (file missing)

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

[Red]

usuwasz z wylaczonym przywracaniem systemu w xp i w trybie awaryjnym f8

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaqqk.exe reg_run
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0lsla371d.dll (file missing)

to co ci pogrubilem usuwasz recznie z systemu a reszte wpisow >>zaznacz w hijacku i nacisnij fix

dajesz dwa logi do kontroli

[awja]

Proszę o kontrolę logów,nadal brak pulpitu i menadżera zadań Po starcie uruchamia się exlorator, programy działają
Logi:
Logfile of HijackThis v1.99.1
Scan saved at 01:37:06, on 2006-01-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Kod: Zaznacz wszystko

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\centrala\Ustawienia lokalne\temp\Katalog tymczasowy 6 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: TERMINARZ.lnk = C:\Program Files\CONTEC\Telbaza2\Sched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135187544437
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F72CABE-FFAD-4761-96D4-01CA1772A789}: NameServer = 192.168.174.20
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Kod: Zaznacz wszystko

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]
"WinVNC" = ""C:\Program Files\TightVNC\WinVNC.exe" -servicehelper" ["AT&T Research Labs Cambridge"]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.0\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{5CDEF874-B193-11D5-9C8F-0020AF16D64A}" = "PROInfTip Object"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\PCSCHE~1\PROinf.dll" ["DpS CAD-center ApS"]
"{B39B63C3-B26B-11D5-9C92-0020AF16D64A}" = "TPROProp Object"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\PCSCHE~1\PROprop.dll" ["DpS CAD-center ApS"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AD142906-7DFF-4D29-A33B-C9D870E38E99}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cUrds.dll" [file not found]
"{909AE410-F579-4021-9601-8198FF1CCFAA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
gyssq\(Default) = "{0dc149b4-c31e-410a-ade3-b021127f9423}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\gmqql.dll" [file not found]


Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Enable Active Desktop}

HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Active Desktop Wallpaper|Wallpaper Name:}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop enabled via Group Policy.

Wallpaper selected via Group Policy.


Startup items in "centrala" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\centrala\Menu Start\Programy\Autostart
"TERMINARZ" -> shortcut to: "C:\Program Files\CONTEC\Telbaza2\Sched.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "C:\WINDOWS\nsdb"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Message Queuing, MSMQ, "C:\WINDOWS\System32\mqsvc.exe" [MS]
Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\System32\mqtgsvc.exe" [MS]
Publikowanie za pomocą usługi  FTP, MSFtpsvc, "C:\WINDOWS\System32\inetsrv\inetinfo.exe" [MS]
VNC Server, winvnc, ""C:\Program Files\TightVNC\WinVNC.exe" -service" ["AT&T Research Labs Cambridge"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
LPR Port\Driver = "lprmon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 80 seconds, including 18 seconds for message boxes)

[Red]

Otwórz notatnik i wklej do niego:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-

Plik >> Zapisz jako, zapisz jako typ: wszystkie pliki, nazwa pliku: Fix.reg
Klikasz dwa razy na powstały plik i potwierdzasz.

[awja]

Już tego próbowałem , niestety nic to nie zmienia. Komunikat o wpisie do rejestru jest ok.
Po wciśnięciu ctrl-alt-del Menedzer zadań jest nieaktywny, po wciśnięciu ctrl-shift-esc wyskakuje komunikat :"menedżer zadań został wyłączony przez administratora". Ten sam komunikat po uruchomieniu taskmgr (zalogowany jestem jako administrator)

[ Dodano: Dzisiaj o 1:01 ]
Z menedżerem już ok. Po zmianie rej. :


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=-

Ale nadal brak paska zadań i ikon pulpitu.