Brak opcji zmiany pulpitu

[messiah]

Otoz wczoraj przez przypadek uruchomilem plik, po chwili antyvir zaczal znajdowac rozne podejrzane pliki. po czym na pulpicie zobaczylem okienko: "Warning, spyware was detected on your computer". W goglach znalazlem ze powinienem to potraktowac np. SDFix`em. Log z programu:

SDFix: Version 1.235
Run by Administrator on 2008-10-16 at 13:43

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphct0qj0e3b3.exe - Deleted
C:\WINDOWS\system32\urqQhIXp.dll - Deleted
C:\WINDOWS\system32\phct0qj0e3b3.bmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 14:00:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:79,c6,84,9f,6a,4f,ff,d6,31,cd,e9,3a,8c ,9d,c7,48,af,a7,d3,cc,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:27,6d,b2,92,de,28,e3,19,8a,d2,5d,42,4b ,15,66,87,0d,72,44,e4,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"a0"=hex:20,01,00,00,66,01,f4,e6,2e,96,76,53,9a,b9 ,25,2b,f6,3c,f1,61,08,..
"khjeh"=hex:20,7a,e2,c9,2e,4f,79,dc,6b,18,9d,c4,21 ,59,f7,33,d8,e0,a6,cd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:74,18,47,7b,00,ff,fe,8f,a8,42,d1,58,dc ,e8,90,d6,3d,e9,fc,77,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf41]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf42]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf43]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:79,c6,84,9f,6a,4f,ff,d6,31,cd,e9,3a,8c ,9d,c7,48,af,a7,d3,cc,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:27,6d,b2,92,de,28,e3,19,8a,d2,5d,42,4b ,15,66,87,0d,72,44,e4,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,66,01,f4,e6,2e,96,76,53,9a,b9 ,25,2b,f6,3c,f1,61,08,..
"khjeh"=hex:20,7a,e2,c9,2e,4f,79,dc,6b,18,9d,c4,21 ,59,f7,33,d8,e0,a6,cd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:74,18,47,7b,00,ff,fe,8f,a8,42,d1,58,dc ,e8,90,d6,3d,e9,fc,77,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf41]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf42]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf43]
"khjeh"=hex:ef,df,82,92,30,df,db,a6,12,18,8e,0f,a2 ,ea,31,12,f1,7a,cd,88,f9,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\tzar\\Tzar.exe"="D:\\Program Files\\tzar\\Tzar.exe:*:Enabled:Tzar"
"D:\\kozaki\\dmcr.exe"="D:\\kozaki\\dmcr.exe:*:Ena bled:dmcr"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS \\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"D:\\Program Files\\Praetorians\\Praetorians.exe"="D:\\Program Files\\Praetorians\\Praetorians.exe:*:Enabled:Prae torians"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"="D:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe:*:Enabled:lf2.5"
"D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\\Program Files\\Metin2_PL\\metin2.bin"="D:\\Program Files\\Metin2_PL\\metin2.bin:*:Enabled:metin2"
"D:\\Program Files\\Celtic Kings\\Celtic kings.exe"="D:\\Program Files\\Celtic Kings\\Celtic kings.exe:*:Enabled:Celtic kings"
"D:\\Program Files\\Anno 1602\\START.exe"="D:\\Program Files\\Anno 1602\\START.exe:*:Enabled:1602"
"D:\\Program Files\\Original War\\OwarFull.dll"="D:\\Program Files\\Original War\\OwarFull.dll:*:Enabled:OwarFull"
"D:\\Program Files\\Original War\\OwarLite.dll"="D:\\Program Files\\Original War\\OwarLite.dll:*:Enabled:OwarLite"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 25 Sep 2008 24 ..SH. --- "C:\WINDOWS\SCE40E959.tmp"
Tue 4 Jul 2006 4,789,792 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 15 Aug 2008 56 ..SHR --- "C:\WINDOWS\system32\98303EF539.sys"
Fri 15 Aug 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!

Mimo wszystko dalej mam zablokowane opcje zmiany pulpitui wygaszacza ekranu. Czy ktos moze mi powiedziec jak to zrobic i czy w ten sposob wyczyscilem komputer?

[4ndr1u]

hmmmmm................... najskuteczniejszy byłby format dysku ale powiedz jakiego antywira używasz jakiego firewall'a

[messiah]

Antyvir: avast a firewall systemowy

[4ndr1u]

Antyvir: avast a firewall systemowy

;/ avast to tak jakbyś zapraszał wirusy do komputera
zainstaluj sobie to i przeskanuj komputer: Eset smart security

[javaman]

Polecam kasperskiego. swoją drogą wiem co to, bo miałem to kiedyś kiedy jeszcze używałem wina. Straszny syf, pewnie propunuje Ci co jakiś czas byś ściągnął ich wypas super antywirus antyspyware(oczywiście płatna licencja)?
Przejedź kasperskim, ale z pod trybu awaryjnego. Z tego co pamietam, to tak wlasnie się tego dziadostwa pozbylem.

[4ndr1u]

a i jeszcze jeśli chodzi o bezpieczeństwo Windowsa to radze zajrzeć tutaj

i jeszcze skuteczny(według mnie) firewall: Comodo Firewall Pro