Samoczynie otwierający się folder "Moje Dokumenty"
Witam. Po odpaleniu sprzetu, i załadowaniu się XP Prof., otwiera mi się ciągle samoczynnie folder Moje dokumenty. Niby to błahostka ale strasznie mnie to wkurza. Proszę tez o pomoc we wskazaniu "syfów" z zrzutu HiJackThis:
–––––––––––––––––––––––
Logfile of HijackThis v1.99.0
Scan saved at 08:37:19, on 15–09–2005
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\START\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:8080;http=192.168.0.1:8080;https=192.168.0.1:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Cram Toolbar – {20929603–21DB–477C–BA6F–0B8E70B3C8A0} – blank (file missing)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5BBF694C–BD48–1148–ED13–607865E97B65} – C:\DOCUME~1\START\DANEAP~1\AceHope\hold setup.exe
O2 – BHO: (no name) – {8C292414–6C89–D4F1–76BF–64023C3BCC4F} – blank (file missing)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 – BHO: XBTB00429 – {D9996763–7A30–4191–ABD6–B7632FE74B99} – blank (file missing)
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Cram Toolbar – {20929603–21DB–477C–BA6F–0B8E70B3C8A0} – blank (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 – HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 – HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RtlWake.lnk = ?
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3B04EC18–75EB–48F5–A3A5–4DBF2D3649A1}: NameServer = 10.10.0.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{F2151B3D–4C96–4ADC–9A0F–CEFC39FEECC3}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{3B04EC18–75EB–48F5–A3A5–4DBF2D3649A1}: NameServer = 10.10.0.1
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 – Service: SoundMAX Agent Service – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
–––––––––––––––––––––––––––––––––––––––––––––––––
–––––––––––––––––––––––
Logfile of HijackThis v1.99.0
Scan saved at 08:37:19, on 15–09–2005
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\START\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:8080;http=192.168.0.1:8080;https=192.168.0.1:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Cram Toolbar – {20929603–21DB–477C–BA6F–0B8E70B3C8A0} – blank (file missing)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5BBF694C–BD48–1148–ED13–607865E97B65} – C:\DOCUME~1\START\DANEAP~1\AceHope\hold setup.exe
O2 – BHO: (no name) – {8C292414–6C89–D4F1–76BF–64023C3BCC4F} – blank (file missing)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 – BHO: XBTB00429 – {D9996763–7A30–4191–ABD6–B7632FE74B99} – blank (file missing)
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Cram Toolbar – {20929603–21DB–477C–BA6F–0B8E70B3C8A0} – blank (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 – HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 – HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RtlWake.lnk = ?
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3B04EC18–75EB–48F5–A3A5–4DBF2D3649A1}: NameServer = 10.10.0.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{F2151B3D–4C96–4ADC–9A0F–CEFC39FEECC3}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{3B04EC18–75EB–48F5–A3A5–4DBF2D3649A1}: NameServer = 10.10.0.1
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 – Service: SoundMAX Agent Service – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
–––––––––––––––––––––––––––––––––––––––––––––––––
Odpowiedzi: 2
Było i to tyle razy , ze gadać szkoda.
Do tego co zostało juznapisne moźna didać jeszcze jedno.
Dodaj wartosć dword "DesktopProcess" równą 0 w kluczu:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
oraz "SeparateProcess" w kluczu:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
BTW, gregx zmniejsz avatara.
Do tego co zostało juznapisne moźna didać jeszcze jedno.
Dodaj wartosć dword "DesktopProcess" równą 0 w kluczu:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
oraz "SeparateProcess" w kluczu:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
BTW, gregx zmniejsz avatara.
Start programy i autostart tam szukaj skrót do folderu i go usuń :D
Strona 1 / 1