Strange things in autostart (msconfig)...

17.02.06, 22:58
tydzien.strefa.pl/zrzut.jpg
The picture shows exactly what I mean...
I have 4 programs (?) that I have forbidden from running at startup.
For two of them the startup item name and the command show up as garbage
characters, and all four have a truncated key name in the location.
How do I get rid of this, and where should I look?
In the registry I can't find, for example, "winampa.exe" - neither as a file
name nor by giving the full path; I haven't tried the mouse one, and the
garbage entries have no name at all.
WHAT did I mess up and how do I get rid of it from msconfig?
I'll add that FastDefrag "doesn't see" these 4 items in autostart, and
jv16PowerTools doesn't see them either... What the devil?

All the scanners show that the computer is clean, I don't see anything in the
HijackThis log, Silent Runners raises no alarm, I have the ports closed using
wwdc, nothing much is going on, it's just that this junk annoys me...

System - Win XP Professional, in case anyone asks.

PS
I also have another small problem, but maybe more on that later... first I'd
like to get to the bottom of the above with your help...
  • 17.02.06, 23:43
    Enable in msconfig what you disabled, and then paste a HijackThis log on the forum.
  • 17.02.06, 23:48
    OK, I hope it doesn't blow up :-)
  • 18.02.06, 00:02
    tydzien.strefa.pl/zrzut2.jpg
  • 18.02.06, 00:33
    Logfile of HijackThis v1.99.1
    Scan saved at 00:00:45, on 2006-02-18
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    D:\PROGRAMY\Miranda IM\miranda32.exe
    D:\PROGRAMY\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    forum.gazeta.pl/forum/71,1.html?f=297
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = localhost:4001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
    A37C9A5676A7} - C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WinampAgent] "D:\PROGRAMY\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
    \teleport.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
    res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: arcaonline.arcabit.com
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
    arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
    O18 - Filter hijack: text/xml - (no CLSID) - (no file)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
    \Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
    Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
    Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
    Software - C:\Program Files\Alcohol Soft\Alcohol 120
    \StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  • 18.02.06, 00:58
    Turn off WinampAgent in Winamp's options or in the options of the Winamp Agent
    icon, or if you prefer, remove the entry in HijackThis.
    Disable mouse32a.exe in msconfig.

    Remove in HijackThis:
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    O18 - Filter hijack: text/xml - (no CLSID) - (no file)

    Also look in msconfig at where exactly the entries with the garbage characters
    are located (stretch the "location" field), then find those entries in regedit
    and write what you have there.
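Added example, not part of the thread: a sketch of the check the reply above performs by eye, namely picking out HijackThis findings that point at nothing (an empty download source, or `(no CLSID) - (no file)`), and of comparing two scans to confirm what a cleanup removed. The function names are illustrative, the heuristic covers only these two patterns, and the sample text is a shortened excerpt of the 00:33 and 01:26 logs posted in this thread.

```python
import re

# Section codes HijackThis puts at the start of every finding (R0, F2, O4, O23, ...).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the findings of a HijackThis log as a list of single-line strings.

    Forum software hard-wraps long lines, so any non-blank line that does not
    start with a section code is glued back onto the finding before it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A wrap inside a path or a GUID must be joined without a space.
            mid_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -")
            )
            entries[-1] = prev + ("" if mid_token else " ") + line
        # Lines before the first finding (header, process list) are ignored.
    return entries


def orphaned(entries):
    """Findings that point at nothing: '(no file)' or an empty target after the last ' -'."""
    return [e for e in entries if "(no file)" in e or e.endswith(" -")]


def removed_between(before, after):
    """Findings present in the earlier scan but missing from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]


# Shortened excerpt of the scan posted at 00:33, wrapped as it appears in the thread.
SCAN_0033 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:00:45, on 2006-02-18

Running processes:
C:\WINDOWS\explorer.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\PROGRAMY\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
\Ati2evxx.exe
"""

# Same excerpt taken from the scan posted at 01:26, after the first cleanup.
SCAN_0126 = r"""
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
\Ati2evxx.exe
"""

if __name__ == "__main__":
    for finding in orphaned(parse_entries(SCAN_0033)):
        print("orphaned:", finding)
    for finding in removed_between(SCAN_0033, SCAN_0126):
        print("removed :", finding)
```
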
  • 18.02.06, 01:07
    tydzien.strefa.pl/zrzut2.jpg
    it shows what the paths to the garbage entries look like in the location field :(

    I'll do what you say above in a moment and we'll see
  • 18.02.06, 01:26
    Logfile of HijackThis v1.99.1
    Scan saved at 01:21:49, on 2006-02-18
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    D:\PROGRAMY\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    forum.gazeta.pl/forum/71,1.html?f=297
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = localhost:4001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
    A37C9A5676A7} - C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
    \teleport.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
    res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: arcaonline.arcabit.com
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
    arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
    O18 - Filter hijack: text/xml - (no CLSID) - (no file)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
    \Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
    Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
    Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
    Software - C:\Program Files\Alcohol Soft\Alcohol 120
    \StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 18.02.06, 02:01
    This new screenshot is no different from the previous one and it doesn't show
    what I asked for.

    In regedit go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
    and delete there: text/xml

    Paste the log from:
    www.silentrunners.org/Silent%20Runners.vbs
  • 18.02.06, 02:19
    ... Silent Runners is coming in a moment.

    That screenshot DOES have everything you asked for - that's exactly how it
    looks - for the garbage entries there is SOFTWARE... at the very beginning,
    there is no HKLM or any other key, that's just how cut off it is.

    what previously wouldn't go has now gone, and ctfmon.exe has also gone from
    autostart

    ============
    Logfile of HijackThis v1.99.1
    Scan saved at 02:13:59, on 2006-02-18
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
    D:\PROGRAMY\Hijack\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    forum.gazeta.pl/forum/71,1.html?f=297
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = localhost:4001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
    A37C9A5676A7} - C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
    \teleport.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
    res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: arcaonline.arcabit.com
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
    arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
    \Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
    Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
    Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
    D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
    Software - C:\Program Files\Alcohol Soft\Alcohol 120
    \StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


  • 18.02.06, 04:07
    The Silent Runners log didn't fit in one post, paste in the rest.

    > That screenshot DOES have everything you asked for - that's exactly how it
    > looks - for the garbage entries there is SOFTWARE... at the very beginning,
    > there is no HKLM or any other key, that's just how cut off it is.

    Every disabled entry looks like that, which is why I wrote in my first post
    that you should enable them in msconfig; you didn't do that, so there you go...
    The same goes for the location column, which you were supposed to stretch to
    see where the entry is and then delete it (after enabling it, of course), and
    don't paste any more HJT logs or screenshots.
  • 18.02.06, 14:27
    Enabling the mouse and Winamp gave what you can see in the screenshot - there
    are check marks and a full path; for the garbage entries there isn't one - they
    didn't start, even though I gave them check marks too.

    The location isn't stretched in the screenshot, true, but what seemed important
    to me was what the beginning looks like. For the mouse and Winamp there is a
    full path and I have already disabled them; for the garbage entries the key name
    and "half" of the path are missing from the front, the location starts with
    SOFTWARE and there's nothing I can do about it :-) After \Current Version\
    there is only Windows - so the ending is ...\Current Version\Windows
    (I'm not pasting another screenshot, as you asked)

    Part of my Silent Runners log got eaten - sorry... maybe it will catch the
    ending now:
    ===============

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from
    CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    Explorer Bars

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Badanie"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI
    Technologies Inc."]
    ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe""
    ["Symantec Corporation"]
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft
    Shared\VS7DEBUG\MDM.EXE"" [MS]
    Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton
    Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol
    120\StarWind\StarWindService.exe" ["Rocket Division Software"]
    Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec
    Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec
    Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common
    Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
    Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec
    Shared\ccProxy.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec
    Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    EPSON Stylus D68 Series 2KMonitor5E\Driver = "E_FLMAAE.DLL" ["SEIKO EPSON
    CORPORATION"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    PDF995 Monitor\Driver = "pdf995mon.dll" [null data]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 127 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 74 seconds.
    ---------- (total run time: 336 seconds)
  • 18.02.06, 15:15
    Oh well, I'll write it for you once more...
    Disabled entries don't have HKLM etc. at the beginning; they look just like yours:
    tydzien.strefa.pl/zrzut.jpg , and after enabling them the proper entry appears:
    tydzien.strefa.pl/zrzut2.jpg You can see it perfectly on your screenshots.

    The disabled keys should be here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    Look for your garbled one there and delete it, if it is there.
  • 18.02.06, 17:03
    ... I understand now, thanks :-)

    I found the garbled entries in the registry...

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
    and the right-hand pane then shows these entries:
    - Name (Default) Type REG_SZ Data (value not set)
    - command - garbled characters
    - hkey - HKCU
    - inimapping 1
    - item - garbled characters
    - key - the path starting from SOFTWARE (as on the screenshot)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
    - the entries on the right look the same in it as the ones above.

    Question - should I throw out the whole key together with its entries (the Load and Run folders), or only
    what is on the right, leaving the first entry ((Default)... etc.)?
    I checked the path under HK_Current_User - there I have neither Load, nor Run, nor
    garbled entries

    While I'm at it (if I may), I also found some other key names there (in the left
    pane) that I don't particularly like, but maybe I'm exaggerating:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ap9h4qmo
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gqegsyc
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SharedTools\MSConfig\startupreg\Hot_Tarts_
    pl

    this looks like some kind of junk to me... should I delete something, or leave it alone?
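Added example (not part of the thread and not msconfig's own code): a read-only check over a text export of the `startupreg` key described in the posts above, listing each disabled entry, the location it would be restored to, and whether its `item`/`command` data is unreadable. The export text, the `ExamplePlayer` entry and the garbled bytes are constructed; only string values in REGEDIT4-style text are handled.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
GARBLED = "\x14\x02\ufffd\x7f"  # constructed stand-in for the unreadable values
WINKEY = r"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"

# Constructed REGEDIT4-style export; entry names and data are made up.
SAMPLE_EXPORT = rf'''REGEDIT4

[{BASE}\Load]
"command"="{GARBLED}"
"hkey"="HKCU"
"inimapping"="1"
"item"="{GARBLED}"
"key"="{WINKEY}"

[{BASE}\ExamplePlayer]
"command"="\"C:\\Program Files\\Example\\player.exe\" /tray"
"hkey"="HKLM"
"inimapping"="0"
"item"="player"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', re.S)

def unescape(s):
    # .reg files escape backslashes and quotes inside strings with a backslash
    return re.sub(r"\\(.)", r"\1", s, flags=re.S)

def parse_reg_export(text):
    """Return {key path: {value name: data}} for string (REG_SZ) values only."""
    keys, current = {}, None
    for raw in text.split("\n"):
        line = raw.strip(" \t\r")
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def is_garbled(s):
    # Empty data, control characters, or the Unicode replacement character
    return not s or "\ufffd" in s or not s.isprintable()

def audit_disabled_startup(text):
    """List the entries parked under startupreg, with reasons to look closer."""
    report = []
    for path, vals in parse_reg_export(text).items():
        if not path.upper().startswith(BASE.upper() + "\\"):
            continue
        reasons = [f"missing {n}" for n in ("command", "hkey", "item", "key") if n not in vals]
        reasons += [f"unreadable {n}" for n in ("command", "item") if n in vals and is_garbled(vals[n])]
        report.append({"entry": path[len(BASE) + 1:], "command": vals.get("command"),
                       "restores_to": f'{vals.get("hkey", "?")}\\{vals.get("key", "?")}',
                       "reasons": reasons})
    return report
```

Calling `audit_disabled_startup(SAMPLE_EXPORT)` returns one dictionary per disabled entry; an empty `reasons` list means the stored values are at least readable.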


  • 18.02.06, 02:28
    "Silent Runners.vbs", revision 43, www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec
    Corporation"]
    "StartupMonitor" = "C:\WINDOWS\StartupMonitor.exe" [null data]
    "gcasServ" = ""D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"" [MS]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""
    ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\Spybot - Search &
    Destroy\SDHelper.dll" ["Safer Networking Limited"]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
    wyświetlania"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
    ["Hilgraeve, Inc."]
    "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045
    \UNBIND.DLL" [MS]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1
    \AXShlEx.dll" ["Alcohol Soft Development Team"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
    Office\OFFICE11\msohev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell
    Extension"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\sshook.dll" ["Trend Micro
    Incorporated"]
    "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a˛ Context Menu Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\a-squared\a2contmenu.dll"
    [null data]
    "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
    [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft
    AntiSpyware Service Hook"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\Microsoft
    AntiSpyware\shellextension.dll" [MS]
    INFECTION WARNING! "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-
    Spyware Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\sshook.dll" ["Trend Micro
    Incorporated"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "AppInit_DLLs" = (value not set)

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-
    CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
    [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
    [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\a-squared\a2contmenu.dll"
    [null data]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-
    CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
    -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
    [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\BC2\Ustawienia lokalne\Dane
    aplikacji\Microsoft\Wallpaper1.bmp"


    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Scan my computer - BC" -> launches: "C:\PROGRA~1\NORTON~1
    \NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane
    aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program
    Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
    \Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
    \Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 17
    %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
    %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from
    CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
    Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\In
  • 18.02.06, 07:14
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    And isn't this something to remove?
    --
    "If she's well rested, she's unhappy; if she's happy, she hasn't slept...
    That is the life of a female erotomaniac, that is the life of an erotomaniac..."
  • 18.02.06, 09:55
    > O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\

    This seems strange to me.
    --
    Confucius says: a picture is not Windows, it won't hang by itself.
  • 18.02.06, 13:08
    The garbled entries are still in the startup list - they probably aren't doing any harm, since they didn't even
    react when I ticked them to run, but it annoys me that they sit there and I
    don't know what kind of junk it is...

    Are the things you mention above to be thrown out wholesale, or
    should I wait for some collective verdict?

    Thanks for the help
  • Guest: mmx IP: *.neoplus.adsl.tpnet.pl 18.02.06, 14:13
    > Are the things you mention above to be thrown out wholesale, or
    > should I wait for some collective verdict?

    Absolutely do not remove them!
  • 18.02.06, 16:34
    ... I can do it once more :-)
  • 18.02.06, 16:47
    Do what I wrote earlier, because it seems to me that you missed my
    reply ;-)
  • 18.02.06, 17:04
    I have just replied, diligently and exhaustively, take a look :-)
  • 18.02.06, 18:38
    Delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ap9h4qmo
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gqegsyc
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared
    Tools\MSConfig\startupreg\Hot_Tarts_
    pl

    That is, the whole run, load, ap-whatever, etc. :>
  • 18.02.06, 18:41
  • 18.02.06, 19:07
    I already wrote: the whole run, load, etc., so what are you asking? :>
    You click on run and delete :>
  • 18.02.06, 19:14
    ... which can be annoying ;-)

    Thank you, it's all done now
  • 18.02.06, 18:59
    I'll come back with that other small matter another time :-)
