Dodaj do ulubionych

Dziwne rzeczy w autostarcie (msconfig)...

17.02.06, 22:58
tydzien.strefa.pl/zrzut.jpg
Na obrazku dokładnie widać o co mi chodzi...
Mam 4 sztuki programów (?), którym zabroniłam uruchamiać się przy starcie.
Nazwy elementu startowego i polecenia przy dwóch mają postać "krzaków", a
wszystkie cztery uciętą nazwę klucza w lokalizacji.
Jak się tego pozbyć i gdzie szukać?
W rejestrze nie mogę np znaleźć "winampa.exe" - ani w postaci nazwy pliku,
ani podając całą ścieżkę, myszy nie próbowałam, a krzaki w ogóle bezimienne
są.
CO schrzaniłam i jak się tego pozbyć z msconfiga?
Dodam, że FastDefrag "nie widzi" tych 4 sztuk w autostarcie, tak samo nie
widzi ich jv16PowerTools... Ki diabeł ?

Wszelkie skanery pokazują, że komputer jest czysty, w logu hijackowym nic nie
widzę, Silent Runners nie alarmuje, porty mam pozamykane za pomocą wwdc, nic
wielkiego się nie dzieje, tylko mnie ten śmietnik drzaźni...

System - Win XP Profesional, jakby się kto pytał.

ps
Mam jeszcze inny drobny problem, ale o tym potem może... najpierw bym to, co
wyżej chciała zgłębić przy Waszej pomocy...
Obserwuj wątek
    • beata_ Log i nowy zrzut... 18.02.06, 00:02
      Logfile of HijackThis v1.99.1
      Scan saved at 00:00:45, on 2006-02-18
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\StartupMonitor.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\WINDOWS\system32\ctfmon.exe
      D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
      D:\PROGRAMY\Miranda IM\miranda32.exe
      D:\PROGRAMY\Hijack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      forum.gazeta.pl/forum/71,1.html?f=297
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyServer = localhost:4001
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=explorer.exe
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      D:\PROGRAMY\Spybot - Search &

      Destroy\SDHelper.dll
      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
      C:\Program Files\Common

      Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton Internet

      Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
      A37C9A5676A7} - C:\Program Files\Common

      Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton Internet

      Security\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
      O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [WinampAgent] "D:\PROGRAMY\Winamp\Winampa.exe"
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
      \teleport.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11

      \EXCEL.EXE/3000
      O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
      res://C:\PROGRA~1\MICROS~2

      \Office\1045\phdintl.dll/phdContext.htm
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O15 - Trusted Zone: arcaonline.arcabit.com
      O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -

      arcaonline.arcabit.com/ArcaOnline.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

      update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

      www3.ca.com/securityadvisor/virusinfo/webscan.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

      download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
      O18 - Filter hijack: text/xml - (no CLSID) - (no file)
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      C:\Program Files\Common

      Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
      C:\Program Files\Common

      Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
      C:\Program Files\Common

      Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
      C:\Program Files\Common

      Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
      Internet Security\ISSVC.exe
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
      Corporation - C:\Program Files\Norton

      Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
      D:\PROGRAMY\SiSoftware\SiSoftware Sandra

      Lite 2005.SR3\RpcDataSrv.exe
      O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
      D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite

      2005.SR3\RpcSandraSrv.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
      Internet Security\Norton

      AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
      C:\PROGRA~1\COMMON~1

      \SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - C:\Program Files\Common

      Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
      Files\Common

      Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
      Software - C:\Program Files\Alcohol

      Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
      Files\Common Files\Symantec

      Shared\CCPD-LC\symlcsvc.exe




      tydzien.strefa.pl/zrzut2.jpg
    • beata_ Porządny log... ten wyżej uciapało coś 18.02.06, 00:33
      Logfile of HijackThis v1.99.1
      Scan saved at 00:00:45, on 2006-02-18
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\StartupMonitor.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\WINDOWS\system32\ctfmon.exe
      D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
      D:\PROGRAMY\Miranda IM\miranda32.exe
      D:\PROGRAMY\Hijack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      forum.gazeta.pl/forum/71,1.html?f=297
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyServer = localhost:4001
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=explorer.exe
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
      C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
      A37C9A5676A7} - C:\Program Files\Common Files\Symantec
      Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
      O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [WinampAgent] "D:\PROGRAMY\Winamp\Winampa.exe"
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
      \teleport.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
      res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O15 - Trusted Zone: arcaonline.arcabit.com
      O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
      arcaonline.arcabit.com/ArcaOnline.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
      www3.ca.com/securityadvisor/virusinfo/webscan.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
      download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
      O18 - Filter hijack: text/xml - (no CLSID) - (no file)
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
      Internet Security\ISSVC.exe
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
      Corporation - C:\Program Files\Norton Internet Security\Norton
      AntiVirus\navapsvc.exe
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
      D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
      O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
      D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
      Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
      C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
      Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
      Software - C:\Program Files\Alcohol Soft\Alcohol 120
      \StarWind\StarWindService.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
      Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      • kolobos Re: Porządny log... ten wyżej uciapało coś 18.02.06, 00:58
        Winampagent wylacz w opcjach winampa lub w opcjach ikonki winamp agenta albo
        jak chcesz to usun wpis w hijackthis.
        mouse32a.exe wylacz w msonfig.

        Usun w hijackthis:
        O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
        O18 - Filter hijack: text/xml - (no CLSID) - (no file)

        Zobacz tez w msconfig gdzie dokladnie znajduja sie te wpisy z krzakami
        (rozciagnij pole "lokalizacja") nastepnie w regedit odszukaj te wpisy i napisz
        co tam masz.
        • beata_ Zrzut... 18.02.06, 01:07
          tydzien.strefa.pl/zrzut2.jpg
          na nim widać, jak wyglądają ścieżki do krzaków w polu lokalizacja :(

          zaraz zrobię co mówisz wyżej i zobaczymy
        • beata_ Nowy log - O18 - Filter hijack.. został mimo "fix" 18.02.06, 01:26
          Logfile of HijackThis v1.99.1
          Scan saved at 01:21:49, on 2006-02-18
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Norton Internet Security\ISSVC.exe
          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\StartupMonitor.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\system32\ctfmon.exe
          D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
          D:\PROGRAMY\Hijack\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          forum.gazeta.pl/forum/71,1.html?f=297
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
          Settings,ProxyServer = localhost:4001
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          F2 - REG:system.ini: Shell=explorer.exe
          F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
          D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
          C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
          Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
          A37C9A5676A7} - C:\Program Files\Common Files\Symantec
          Shared\AdBlocking\NISShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
          C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
          O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
          O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
          Shared\ccApp.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
          \teleport.htm
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
          res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
          O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
          O15 - Trusted Zone: arcaonline.arcabit.com
          O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
          arcaonline.arcabit.com/ArcaOnline.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
          update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
          update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
          O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
          www3.ca.com/securityadvisor/virusinfo/webscan.cab
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
          download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
          O18 - Filter hijack: text/xml - (no CLSID) - (no file)
          O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
          \Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
          Internet Security\ISSVC.exe
          O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
          Corporation - C:\Program Files\Norton Internet Security\Norton
          AntiVirus\navapsvc.exe
          O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
          D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
          O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
          D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
          Internet Security\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
          C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
          Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
          Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
          Software - C:\Program Files\Alcohol Soft\Alcohol 120
          \StarWind\StarWindService.exe
          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
          Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            • beata_ Jeszcze nowszy log... 18.02.06, 02:19
              ... zaraz będzie Silen runners.

              Na tym zrzucie JEST wszystko, o co prosiłeś - to dokładnie tak wygląda - przy
              krzakach jest na samym początku SOFTWARE... nie ma HKLM, czy innego klucza,
              takie to urwane właśnie jest.

              to co poprzednio nie chciało, juz wyleciało, wyleciał też ctfmon.exe z
              autostartu

              ============
              Logfile of HijackThis v1.99.1
              Scan saved at 02:13:59, on 2006-02-18
              Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Norton Internet Security\ISSVC.exe
              C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              C:\WINDOWS\StartupMonitor.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              D:\PROGRAMY\Microsoft AntiSpyware\gcasDtServ.exe
              C:\Program Files\Outlook Express\msimn.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
              C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
              D:\PROGRAMY\Hijack\HijackThis.exe
              C:\Program Files\Internet Explorer\iexplore.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              forum.gazeta.pl/forum/71,1.html?f=297
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
              Settings,ProxyServer = localhost:4001
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              F2 - REG:system.ini: Shell=explorer.exe
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
              D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
              O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
              C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
              O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
              Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
              A37C9A5676A7} - C:\Program Files\Common Files\Symantec
              Shared\AdBlocking\NISShExt.dll
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
              C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
              O4 - HKLM\..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe
              O4 - HKLM\..\Run: [gcasServ] "D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
              Shared\ccApp.exe"
              O8 - Extra context menu item: Add to &Teleport - E:\PROGRA~1\TELEPO~1
              \teleport.htm
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
              res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
              O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
              O15 - Trusted Zone: arcaonline.arcabit.com
              O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
              arcaonline.arcabit.com/ArcaOnline.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
              update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122156215026
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
              update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129572208870
              O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
              www3.ca.com/securityadvisor/virusinfo/webscan.cab
              O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
              download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4692/mcfscan.cab
              O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
              \Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
              Internet Security\ISSVC.exe
              O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
              Corporation - C:\Program Files\Norton Internet Security\Norton
              AntiVirus\navapsvc.exe
              O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
              D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
              O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
              D:\PROGRAMY\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
              O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
              Internet Security\Norton AntiVirus\SAVScan.exe
              O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
              C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
              Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
              Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
              Software - C:\Program Files\Alcohol Soft\Alcohol 120
              \StarWind\StarWindService.exe
              O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
              Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


              • kolobos Re: Jeszcze nowszy log... 18.02.06, 04:07
                Log z silent nie zmiescil sie w jednym poscie doklej reszte.

                > Na tym zrzucie JEST wszystko, o co prosiłeś - to dokładnie tak wygląda - przy
                > krzakach jest na samym początku SOFTWARE... nie ma HKLM, czy innego klucza,
                > takie to urwane właśnie jest.

                Kazdy wylaczony wpis tak wygalda dlatego pisalem w pierwszym poscie zebys
                wlaczyla w msconfig, nie zrobilas tego wiec masz...
                To samo tyczy sie kolumny lokalizacja ktora mialas rozciagnac zeby zobaczyc
                gdzie jest wpis, a nastepnie go usunac (oczywiscie po wlaczeniu) i nie wklejaj
                juz logow z hjt oraz screenow.
                • beata_ Zrobiłam niedokładnie może, sorry... 18.02.06, 14:27
                  Włączenie myszy i winampa dało to, co widać na zrzucie - są ptaszki i pełna
                  ścieżka, przy krzaczkach nie ma - nie uruchomiły się, mimo że ptaszki im też
                  dałam.

                  Lokalizacja na zrzucie nie jest rozciągnięta, fakt, ale istotne wydawało mi się
                  jak wygląda początek. Przy myszy, winampie jest pełna ścieżka i już je
                  powyłączałam, przy krzaczkach nie ma z frontu nazwy klucza i "połowy" ścieżki,
                  lokalizacja zaczyna się od SOFTWARE i nic na to nie poradzę:-) Po \Current
                  Version\ jest tylko Windows - czyli końcówka, to ...\Current Version\Windows
                  (nie wklejam następnego zrzuta, jak prosiłeś)

                  Zeżarło mi kawałek loga z Silent Runnera - przepraszam... może złapie końcówkę
                  teraz:
                  ===============

                  Toolbars, Explorer Bars, Extensions:
                  ------------------------------------

                  Toolbars

                  HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
                  "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
                  Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

                  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
                  "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from
                  CLSID]
                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
                  Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

                  "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
                  Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

                  HKLM\Software\Microsoft\Internet Explorer\Toolbar\
                  "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
                  Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

                  "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
                  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
                  Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

                  Explorer Bars

                  Dormant Explorer Bars in "View, Explorer Bar" menu

                  HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Badanie"
                  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
                  InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


                  Running Services (Display Name, Service Name, Path {Service DLL}):
                  ------------------------------------------------------------------

                  Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI
                  Technologies Inc."]
                  ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe""
                  ["Symantec Corporation"]
                  Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft
                  Shared\VS7DEBUG\MDM.EXE"" [MS]
                  Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton
                  Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
                  StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol
                  120\StarWind\StarWindService.exe" ["Rocket Division Software"]
                  Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec
                  Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
                  Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec
                  Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
                  Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common
                  Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
                  Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec
                  Shared\ccProxy.exe"" ["Symantec Corporation"]
                  Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec
                  Shared\ccSetMgr.exe"" ["Symantec Corporation"]
                  Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec
                  Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]


                  Print Monitors:
                  ---------------

                  HKLM\System\CurrentControlSet\Control\Print\Monitors\
                  EPSON Stylus D68 Series 2KMonitor5E\Driver = "E_FLMAAE.DLL" ["SEIKO EPSON
                  CORPORATION"]
                  Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
                  PDF995 Monitor\Driver = "pdf995mon.dll" [null data]


                  ----------
                  + This report excludes default entries except where indicated.
                  + To see *everywhere* the script checks and *everything* it finds,
                  launch it from a command prompt or a shortcut with the -all parameter.
                  + The search for DESKTOP.INI DLL launch points on all local fixed drives
                  took 127 seconds.
                  + The search for all Registry CLSIDs containing dormant Explorer Bars
                  took 74 seconds.
                  --------
                  • kolobos Re: Zrobiłam niedokładnie może, sorry... 18.02.06, 15:15
                    No nic, napisze Ci jeszcze raz...
                    Wylaczone wpisy nie maja na poczatku HKLM itp tylko wygladaja tak jak u Ciebie:
                    tydzien.strefa.pl/zrzut.jpg ,a po wlaczeniu pojawia sie odpowiedni wpis:
                    tydzien.strefa.pl/zrzut2.jpg Widac do doskonale na Twoich screenach.

                    Wylaczone klucze powinny byc tutaj:
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
                    Poszukaj tam swojego z krzakami i usun o ile tam jest.
                    • beata_ Z "urwanym" początkiem ścieżki... 18.02.06, 17:03
                      ... już zrozumiałam, dzięki :-)

                      Znalazłam krzaki w rejestrze...

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
                      i w prawym oknie są wtedy wpisy:
                      - Nawa (Domyślna) Typ REG_SZ Dane (wartość nieustalona)
                      - command - krzaki
                      - hkey - HKCU
                      - inimaping 1
                      - item - krzaki
                      - key - ściżka od SOFTWARE (jak na zrzucie)

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
                      - wpisy po prawej wyglądają w nim tak samo, jak te wyżej.

                      Pytanie - wywalić cały klucz razem z wpisami (folderki Load i Run), czy tylko
                      to co z prawej, pozostawiając pierwszy wpis (Domyślna... itd)
                      Ścieżkę do HK_Current_User sprawdziłam - tam nie mam ani Load, ani Run, ani
                      krzaków

                      Przy okazji (jeśli można) znalazłam tam jeszcze jakieś nazwy kluczy (w lewym
                      oknie), które mi się specjalnie nie podobają, ale może przesadzam :

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ap9h4qmo
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gqegsyc
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SharedTools\MSConfig\startupreg\Hot_Tarts_
                      pl

                      wygląda mi to na jakieś śmieci... coś wywalić, czy zostawić w spokoju?


            • beata_ Log z Silent Runners 18.02.06, 02:28
              "Silent Runners.vbs", revision 43, www.silentrunners.org/
              Operating System: Windows XP SP2
              Output limited to non-default values, except where indicated by "{++}"


              Startup items buried in registry:
              ---------------------------------

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
              "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec
              Corporation"]
              "StartupMonitor" = "C:\WINDOWS\StartupMonitor.exe" [null data]
              "gcasServ" = ""D:\PROGRAMY\Microsoft AntiSpyware\gcasServ.exe"" [MS]
              "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""
              ["Symantec Corporation"]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
              {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\Spybot - Search &
              Destroy\SDHelper.dll" ["Safer Networking Limited"]
              {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
              Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
              {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
              Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
              "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
              wyświetlania"
              -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
              "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
              ["Hilgraeve, Inc."]
              "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
              -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045
              \UNBIND.DLL" [MS]
              "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
              -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1
              \AXShlEx.dll" ["Alcohol Soft Development Team"]
              "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
              Office\OFFICE11\msohev.dll" [MS]
              "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
              "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell
              Extension"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\sshook.dll" ["Trend Micro
              Incorporated"]
              "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a˛ Context Menu Shell Extension"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\a-squared\a2contmenu.dll"
              [null data]
              "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
              [null data]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
              INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft
              AntiSpyware Service Hook"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\Microsoft
              AntiSpyware\shellextension.dll" [MS]
              INFECTION WARNING! "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-
              Spyware Shell Extension"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\sshook.dll" ["Trend Micro
              Incorporated"]

              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
              "AppInit_DLLs" = (value not set)

              HKLM\Software\Classes\PROTOCOLS\Filter\
              INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common
              Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

              HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
              Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-
              CE1D4F6C35B2}"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
              Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
              TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
              [null data]

              HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
              TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
              [null data]

              HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
              a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\a-squared\a2contmenu.dll"
              [null data]
              Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-
              CE1D4F6C35B2}"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
              Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
              TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
              -> {CLSID}\InProcServer32\(Default) = "D:\PROGRAMY\TROJAN~1.2\contmenu.dll"
              [null data]


              Active Desktop and Wallpaper:
              -----------------------------

              Active Desktop is disabled at this entry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

              HKCU\Control Panel\Desktop\
              "Wallpaper" = "C:\Documents and Settings\BC2\Ustawienia lokalne\Dane
              aplikacji\Microsoft\Wallpaper1.bmp"


              Enabled Scheduled Tasks:
              ------------------------

              "Norton AntiVirus - Scan my computer - BC" -> launches: "C:\PROGRA~1\NORTON~1
              \NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane
              aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
              "Symantec NetDetect" -> launches: "C:\Program
              Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


              Winsock2 Service Provider DLLs:
              -------------------------------

              Namespace Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
              \Catalog_Entries\ {++}
              000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
              000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
              000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

              Transport Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
              \Catalog_Entries\ {++}
              0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
              C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 17
              %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
              %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


              Toolbars, Explorer Bars, Extensions:
              ------------------------------------

              Toolbars

              HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
              "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
              Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

              HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
              "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from
              CLSID]
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
              Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

              "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet
              Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

              HKLM\Software\Microsoft\Internet Explorer\Toolbar\
              "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
              Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

              "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
              -> {CLSID}\In

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka