Problems opening e.g. the registry

IP: *.man.bydgoszcz.pl 19.10.04, 12:43
The problem is that I cannot open, for example, the registry, the settings in
Display Properties, etc.
It looks like this: when I try to open it, it opens for a moment and closes
right away.
I checked the system with Ad-aware, but that did not help.
Nothing that can be found has hooked itself into autostart either.
Please give me some pointers and help.
Thanks in advance!!!
Regards!!!
    • netsec Re: Problems opening e.g. the registry 19.10.04, 13:06
      Paste the log from HiJackThis
      • Guest: Dobromir... Re: Problems opening e.g. the registry IP: *.man.bydgoszcz.pl 19.10.04, 19:08
        StartupList report, 2004-10-19, 18:20:28
        StartupList version: 1.52
        Started from : C:\Documents and Settings\All Users\Dokumenty\StartupList.EXE
        Detected: Windows XP (WinNT 5.01.2600)
        Detected: Internet Explorer v6.00 (6.00.2600.0000)
        * Using default options
        ==================================================

        Running processes:

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\sysstat32.exe
        C:\WINDOWS\system32\GStartUp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\vssvc.exe
        C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Documents and Settings\All Users\Dokumenty\StartupList.exe

        --------------------------------------------------
        • Guest: kalinowski11 the whole thing :) IP: *.chello.pl 19.10.04, 19:09
          • Guest: Dobromir... Re: the whole thing :) IP: *.man.bydgoszcz.pl 19.10.04, 19:30
            StartupList report, 2004-10-19, 18:20:28
            StartupList version: 1.52
            Started from : C:\Documents and Settings\All Users\Dokumenty\StartupList.EXE
            Detected: Windows XP (WinNT 5.01.2600)
            Detected: Internet Explorer v6.00 (6.00.2600.0000)
            * Using default options
            ==================================================

            Running processes:

            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\sysstat32.exe
            C:\WINDOWS\system32\GStartUp.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\vssvc.exe
            C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\All Users\Dokumenty\StartupList.exe

            --------------------------------------------------

            Listing of startup folders:

            Shell folders Common Startup:
            [C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
            Reset.lnk = C:\WINDOWS\repair\reset.bat

            --------------------------------------------------

            Checking Windows NT UserInit:

            [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
            UserInit = C:\WINDOWS\system32\userinit.exe,

            --------------------------------------------------

            Autorun entries from Registry:
            HKLM\Software\Microsoft\Windows\CurrentVersion\Run

            ashMaiSv = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
            avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            Ad-aware = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
            Hidder = "C:\program files\g data software\sekretnik 2004\Hidder.exe" /start
            I/O Controllers = svcnet.exe
            SystemScan = sysstat32.exe -services
            TV Media = C:\Program Files\TV Media\Tvm.exe

            --------------------------------------------------

            Autorun entries from Registry:
            HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

            SystemScan = sysstat32.exe -services

            --------------------------------------------------

            Autorun entries from Registry:
            HKCU\Software\Microsoft\Windows\CurrentVersion\Run

            CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
            PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
            SystemScan = sysstat32.exe -drivers
            Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            I/O Controllers = svcnet.exe
            TV Media = C:\Program Files\TV Media\Tvm.exe

            --------------------------------------------------

            Load/Run keys from C:\WINDOWS\WIN.INI:

            load=*INI section not found*
            run=*INI section not found*

            Load/Run keys from Registry:

            HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
            HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
            HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
            HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
            HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
            HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
            HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
            HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
            HKCU\..\Windows NT\CurrentVersion\Windows: load=
            HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
            HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
            HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
            HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

            --------------------------------------------------

            Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

            Shell=*INI section not found*
            SCRNSAVE.EXE=*INI section not found*
            drivers=*INI section not found*

            Shell & screensaver key from Registry:

            Shell=Explorer.exe,sysstat32.exe -shell
            SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
            drivers=*Registry value not found*

            Policies Shell key:

            HKCU\..\Policies: Shell=*Registry value not found*
            HKLM\..\Policies: Shell=*Registry value not found*

            --------------------------------------------------


            Enumerating Browser Helper Objects:

            (no name) - C:\WINDOWS\Helper100.dll - {017C20C1-F86F-11D8-9B25-000ACD002AE3}
            myBar BHO - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
            (no name) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
            (no name) - C:\WINDOWS\System32\bjqlb.dll - {8BD0E177-D4F1-4160-A903-56E802C3C889}
            Hotbar - C:\Program Files\Hotbar\bin\4.4.6.0\HbHostIE.dll - {B195B3B3-8A05-11D3-97A4-0004ACA6948E}
            (no name) - (no file) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}

            --------------------------------------------------

            Enumerating Download Program Files:

            [{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}]
            CODEBASE = dload.ipbill.com/del/loader.cab

            [Shockwave Flash Object]
            InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
            CODEBASE = download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

            --------------------------------------------------

            Enumerating Windows NT logon/logoff scripts:
            *No scripts set to run*

            Windows NT checkdisk command:
            BootExecute = autocheck autochk *

            Windows NT 'Wininit.ini':
            PendingFileRenameOperations: C:\DOCUME~1\Marian\USTAWI~1\Temp\INU1.tmp => C:\WINDOWS\system32\config\security||p

            --------------------------------------------------

            Enumerating ShellServiceObjectDelayLoad items:

            PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
            CDBurn: C:\WINDOWS\system32\SHELL32.dll
            WebCheck: C:\WINDOWS\System32\webcheck.dll
            SysTray: C:\WINDOWS\System32\stobject.dll

            --------------------------------------------------
            End of report, 6 834 bytes
            Report generated in 0,271 seconds

            Command line options:
            /verbose - to add additional info on each section
            /complete - to include empty sections and unsuspicious data
            /full - to include several rarely-important sections
            /force9x - to include Win9x-only startups even if running on WinNT
            /forcent - to include WinNT-only startups even if running on Win9x
            /forceall - to include all Win9x and WinNT startups, regardless of platform
            /history - to list version history only
            • netsec Re: the whole thing :) 19.10.04, 20:11
              Excellent, the StartupList will come in handy, but I meant the log from HiJackThis.
              It will be easier to explain ;)
              • Guest: Dominik... Re: the whole thing :) IP: *.man.bydgoszcz.pl 20.10.04, 10:42
                Unfortunately I cannot do that, because right after opening, the window closes and it is
                not possible to observe anything.
                • netsec Re: the whole thing :) 20.10.04, 11:19
                  And in safe mode?
                  • Guest: Dobromir... Re: the whole thing :) IP: *.man.bydgoszcz.pl 20.10.04, 13:31
                    In safe mode nothing can be done either.

                    It is not possible to get to most of the administrator tools, nor e.g. to Device
                    Manager, etc.
                    • netsec Re: the whole thing :) 20.10.04, 14:46
                      Find the file reset.bat and rename it to reset.old
                      Find the files svcnet.exe and sysstat32.exe and rename them.
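A triage pass over a StartupList report like the one posted in this thread, as an added example that is not part of the original posts and is not StartupList's or HiJackThis's own logic. The three heuristics (an autorun value with no directory path, a script launched at startup, a Shell value other than Explorer.exe) and the names `executable` and `triage` are assumptions made for illustration; a hit marks an entry for manual review and is not a verdict.

```python
import re

# Constructed sample: lines copied from the StartupList report in the thread.
SAMPLE = r"""
Shell folders Common Startup:
Reset.lnk = C:\WINDOWS\repair\reset.bat
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Ad-aware = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
I/O Controllers = svcnet.exe
SystemScan = sysstat32.exe -services
TV Media = C:\Program Files\TV Media\Tvm.exe
Shell & screensaver key from Registry:
Shell=Explorer.exe,sysstat32.exe -shell
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*
"""

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")  # assumed list of script types

def executable(command):
    """Return the program part of a command line, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut at the first file extension
    # that is followed by whitespace, a comma or the end of the value.
    m = re.match(r"(.+?\.[A-Za-z0-9]{2,4})(?=\s|,|$)", command)
    return m.group(1) if m else command

def triage(report):
    """Return (name, value, reason) for entries that deserve a manual look."""
    findings = []
    for line in report.splitlines():
        name, sep, value = line.strip().partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not value or value.startswith("*"):
            continue  # headings, key paths, empty and "not found" values
        if name.lower() == "shell":
            if value.lower() != "explorer.exe":
                findings.append((name, value, "Shell is not plain Explorer.exe"))
            continue
        exe = executable(value)
        if "\\" not in exe and "/" not in exe:
            findings.append((name, value, "no directory path"))
        elif exe.lower().endswith(SCRIPT_EXT):
            findings.append((name, value, "script at startup"))
    return findings
```

On the sample, the flagged entries are the same three files named in the last reply: reset.bat, svcnet.exe and sysstat32.exe.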