No applets in Control Panel

Everything related to system security and fighting malware, in particular log analysis

fusion

User
Posts: 331
Registered: 28 Feb 2009, 21:44
Location: Łódź

No applets in Control Panel

Post 04 Mar 2009, 20:41

Hi
I suspect I have some kind of virus. When I try to open Control Panel, all I can see is this:

(attachment available only to registered users)

Please check the logs:

Code:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"COMODO SafeSurf" = ""C:\Program Files\Comodo\SafeSurf\cssurf.exe" -s" ["COMODO"]
"COMODO Internet Security" = ""C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h" ["COMODO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" = "Comodo Antivirus"
  -> {HKLM...CLSID} = "Comodo AntiVirus"
                   \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]
"{85D26561-0241-4BE2-A8DF-8F921A0EF948}" = "a-squared Free Shell Extension x64"
  -> {HKLM...CLSID} = "a-squared Free Shell Extension x64"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Comodo Antivirus\(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"
  -> {HKLM...CLSID} = "Comodo AntiVirus"
                   \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]
WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension x64\(Default) = "{85D26561-0241-4BE2-A8DF-8F921A0EF948}"
  -> {HKLM...CLSID} = "a-squared Free Shell Extension x64"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]
Comodo Antivirus\(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"
  -> {HKLM...CLSID} = "Comodo AntiVirus"
                   \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]
WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension x64\(Default) = "{85D26561-0241-4BE2-A8DF-8F921A0EF948}"
  -> {HKLM...CLSID} = "a-squared Free Shell Extension x64"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"DisableThumbnails" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe" %1" ["Alcohol Soft Development Team"]

MSPlayCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.AudioCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.DVD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSRipCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.RipCD"
"InvokeVerb" = "Rip"
HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L" " [MS]

MSWMPBurnCDOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" " [MS]

MSWMPBurnDataDVDArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnDVD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:DVDWrite /Device:"%L" " [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
                   \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

WIA_{72D4AB6D-7603-48DE-97C6-9B78AE78182E}\
"Provider" = "Microsoft Office Publisher"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{C127208D-2367-4116-B14D-7761E1C14986}\
"Provider" = "Microsoft Office Publisher"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_WIA;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{EB2D27F5-BBA0-4E65-ADC9-0426417F30B0}\
"Provider" = "Microsoft Office Word"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" ->  launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
  -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" ->  launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" ->  launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" ->  launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" ->  launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" ->  launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" ->  launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
  -> {HKLM...CLSID} = "HotStart User Agent"
                   \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" ->  launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
  -> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
                   \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" ->  launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" ->  launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
  -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" ->  launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
  -> {HKLM...CLSID} = "Nap ITask Handler Implementation"
                   \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" ->  launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
  -> {HKLM...CLSID} = "CrawlStartPages Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" ->  launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
  -> {HKLM...CLSID} = "GadgetsManager Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" ->  launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" ->  launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" ->  launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
  -> {HKLM...CLSID} = "MsCtfMonitor task handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" ->  launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
  -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" ->  launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" ->  launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" ->  launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

a-squared Free Service, a2free, ""C:\Program Files (x86)\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]
COMODO Internet Security Helper Service, cmdAgent, ""C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"" ["COMODO"]
PDAgent, PDAgent, ""C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe"" ["Raxco Software, Inc."]
PDEngine, PDEngine, ""C:\Program Files (x86)\Raxco\PerfectDisk\PDEngine.exe"" ["Raxco Software, Inc."]
StarWind AE Service, StarWindServiceAE, "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}


---------- (launch time: 2009-03-04 20:30:47)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 103 seconds.
---------- (total run time: 139 seconds)




When I try to run ComboFix, this prompt pops up:

(attachment available only to registered users)

Please help. ;)
Last edited 04 Mar 2009, 21:47 by rokko, edited 3 times in total.
Reason: minor title correction
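An added example, not part of the original post and not code from the Silent Runners script: a PowerShell function that pulls the entries a saved report marks with <<!>> (which the report footer defines as "Suspicious data at a malware launch point") out of the text, together with the registry key header each one appeared under, so those lines are triaged first. The function name, the parsing rules and the sample text are my assumptions; the sample reuses two of the lines the report above actually flagged.

```powershell
# Added example (not the forum's or Silent Runners' own code): extract the
# entries a Silent Runners report marks with "<<!>>", keeping the registry
# key header each one appeared under, so a reviewer can triage them first.
function Get-SilentRunnersFlags {
    param(
        [Parameter(Mandatory)] [string[]] $ReportLines
    )
    $currentKey = $null   # last key header seen in the current block
    foreach ($line in $ReportLines) {
        # Blocks in the report are separated by blank lines; forget the key then.
        if ($line.Trim() -eq '') { $currentKey = $null; continue }
        # A key header is a hive path ending in '\', optionally followed by {++}.
        if ($line -match '^(HKLM|HKCU|HKCR|HKU)\\.*\\\s*(\{\+\+\})?\s*$') {
            $currentKey = $line.Trim()
            continue
        }
        if ($line -match '^\s*<<!>>\s*(.+)$') {
            # Some flagged lines (e.g. the htafile command) carry the full key
            # themselves; Key is then $null and Entry holds the whole path.
            [pscustomobject]@{
                Key   = $currentKey
                Entry = $Matches[1].Trim()
            }
        }
    }
}

# Constructed sample in the shape of the report above, built from two lines
# the report itself flagged.
$sampleText = @'
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"

Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]
'@
$sample = $sampleText -split "`r?`n"

# Typical use on a saved report: Get-SilentRunnersFlags -ReportLines (Get-Content .\report.txt)
Get-SilentRunnersFlags -ReportLines $sample | Format-Table -AutoSize
```

The report flags any non-default data at the launch points it checks, not confirmed malware, so each extracted row still needs a human verdict: here the two flagged entries are the PerfectDisk boot-time defragmenter (PDBoot.exe, signed by Raxco) and the stock mshta.exe association for .hta files, and filutka78's conclusion below is that the report shows no infection.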

cosik_ktosik

Administrator
Posts: 21330
Registered: 13 Nov 2008, 01:17
Location: Szczecin

Suspected virus, Control Panel not visible

Post 04 Mar 2009, 20:44

I don't know Silent Runners at all, so wait for djarta or filutka.

As for ComboFix, you probably have a 64-bit system, and it doesn't run there.
Hotfix
Regards, cosik_ktosik :)

filutka78

User
Posts: 1485
Registered: 28 Jan 2009, 17:40

Re: No applets in Control Panel

Post 04 Mar 2009, 23:52

Silent Runners: clean, no infection.

As for Control Panel:
Try this (though I don't know whether it will help):
Paste into Notepad:

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000


From the Notepad menu >> File >> Save As >> set "Save as type" to All Files >> save as FIX.REG >>
run the file (double-click and OK).
Restart the computer.

F.
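An added example, not from filutka78's post: the same two policy values the FIX.REG above writes, checked from PowerShell first so you know whether NoControlPanel was actually set before changing anything, with an opt-in switch that clears it the way the .reg file does. The function name and the -Repair switch are my assumptions; the registry paths and the value name are the ones in the .reg file.

```powershell
# Added example (not from the thread): audit the two Explorer policy keys the
# FIX.REG above touches and report whether NoControlPanel is set. With -Repair,
# write 0 where the value is non-zero, which is what the .reg file does.
# Run from an elevated prompt, since the HKLM branch needs admin rights to write.
function Test-ControlPanelPolicy {
    param([switch] $Repair)

    # Same keys as the FIX.REG, in provider path form.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($path in $paths) {
        $value = $null
        if (Test-Path $path) {
            # Returns $null when the value does not exist; no error is raised.
            $value = (Get-ItemProperty -Path $path -Name 'NoControlPanel' `
                          -ErrorAction SilentlyContinue).NoControlPanel
        }
        # NoControlPanel = 1 hides Control Panel; absent or 0 means not hidden.
        $hidden = ($null -ne $value) -and ($value -ne 0)
        if ($hidden -and $Repair) {
            Set-ItemProperty -Path $path -Name 'NoControlPanel' -Value 0 -Type DWord
        }
        [pscustomobject]@{
            Path     = $path
            Value    = $value
            Hidden   = $hidden
            Repaired = ($hidden -and $Repair.IsPresent)
        }
    }
}

# Audit only; add -Repair once a row shows Hidden = True.
Test-ControlPanelPolicy | Format-Table -AutoSize
```

Two things this makes visible that the .reg file does not: whether the value existed at all (the .reg writes 0 to both hives unconditionally, creating the value where it was missing), and which hive carried it. The Group Policies section of the Silent Runners report above lists the non-default Policies\Explorer values it found (DisableThumbnails, NoActiveDesktop, NoActiveDesktopChanges, ForceActiveDesktopOn) and no NoControlPanel, which is consistent with filutka78's doubt that this fix would change anything.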

rokko

Administrator
Posts: 4082
Registered: 23 Nov 2008, 22:14
Location: Myszków

No applets in Control Panel

Post 05 Mar 2009, 00:09

IT guides »» (link available only to registered users)
On the site you will find computer tips as well as information on techniques for promoting websites and interesting tools for marketers. Come visit!

Store promotion, website optimisation, Google SEO »» kontakt<at>techformator.pl
I don't help with IT matters via PM


