User "Piotr Palusiński" <perfekt_xl@invalid.wp.pl> wrote in message
news:dirpq9$s7f$1@nemesis.news.tpi.pl...
> The exceptionally talented maranta1 <maranta1@o2.pl> wrote in message
> news:dirgd7$4oq$1@nemesis.news.tpi.pl... that:
> [...]
>>>> E.g. a mysterious window with no content that shows up at Windows
>>>> startup, where I have to click OK.
>>>
>>> Remove this entry from the registry:
>>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon
>>> "LegalNoticeCaption"= xxxxxxxxxxxxx <-- remove this
>>> "LegalNoticeText"= xxxxxxxxxxxxxx <-- remove this
>>
>> I don't have anything like Winlogon in the registry under Windows\CurrentVersion;
>> it is in WindowsNT, but then these entries are not there:
>> "LegalNoticeCaption" and "LegalNoticeText"
>> I took pictures (terrible quality) of this window -
>> http://maranta.livenet.pl/zrzuty.htm
>
> True, my mistake, Winlogon is in WindowsNT.
> In that case, look in other places until you evict the intruder from the disk.
>
> HKCU\Software\Microsoft\Command Processor\AutoRun
> HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
> HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
> HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
> HKCU\Software\Policies\Microsoft\Windows\System\Scripts
> HKLM\Software\Classes\batfile\shell\open\command\
> HKLM\Software\Classes\comfile\shell\open\command\
> HKLM\Software\Classes\exefile\shell\open\command\
> HKLM\Software\Classes\htafile\shell\open\command\
> HKLM\Software\Classes\piffile\shell\open\command\
> HKLM\Software\Microsoft\Active Setup\Installed Components\
> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
> HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\l
> HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
> HKLM\Software\Policies\Microsoft\Windows\System\Scripts\
> %WINDIR%\Tasks
> HKLM\System\Services
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\load=
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\run=
> HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load=
> HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run=
> %Systemroot%\System.ini, entries SCRNSAVE.EXE= and drivers=
> as above, but in the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\shell=
> HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\shell=
> %Systemdrive%\autoexec.bat
> Scheduled tasks.
> That would be about it? ;-)
Well, superrrr, I tried going through all of that one by one, but my
masochistic tendencies don't go that far :P
I used what you suggest below...
>
> Or run the tiny little program StartUpList
> http://www.lurkhere.com/~nicefiles/ , and you will see what has latched on.
I ran it; there are a few things that arouse my suspicion, but I'm not
certain.
I'll paste all of it here; if in a free moment you could cast an expert
eye over it, I'll be happy :)
Thanks in advance for the help.
-------------------------------------
-------------------------------------
StartupList report, 2005-10-16, 14:32:56
StartupList version: 1.52
Started from : H:\Documents and Settings\***\Pulpit\StartupList.EXE
Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\crypserv.exe
K:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\system32\sesinetd.exe
H:\WINDOWS\system32\hserver.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
K:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\common files\Ulead Systems\DVD\ULCDRSvr.exe
K:\Program Files\UPSMON\UPSMON_Service.Exe
H:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
K:\Program Files\WebDrive\wdservice.exe
H:\WINDOWS\system32\Ati2evxx.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\WINDOWS\Explorer.EXE
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
K:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
K:\Program Files\DU Meter\DUMeter.exe
K:\Program Files\Creative\Shared Files\CamTray.exe
K:\Program Files\WinFast\WFTVFM\WFWIZ.exe
H:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
K:\Program Files\Analog Devices\SoundMAX\Smax4.exe
K:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
K:\Program Files\Restore Desktop\RestoreDesktop.exe
H:\WINDOWS\system32\ctfmon.exe
K:\Program Files\MSN Messenger\msnmsgr.exe
K:\Program Files\Komunikatory\Tlen\Tlen.exe
K:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
K:\Program Files\GetRight\getright.exe
K:\Program Files\PopTray\PopTray.exe
K:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe
K:\Program Files\Wirtualna Polska\System syntezy mowy\synteza_DDE_klient.exe
K:\Program Files\DTemp\DTemp.exe
K:\Program Files\A4Tech\Mouse\Amoumain.exe
K:\Program Files\Alwil Software\Avast4\ashDisp.exe
K:\Program Files\cFos\cfosdnt.exe
H:\Program Files\Gadu-Gadu\gg.exe
K:\Program Files\Komunikatory\Skype\Skype.exe
K:\Program Files\Outlook Express\msimn.exe
K:\Program Files\Maxthon\Maxthon.exe
H:\Documents and Settings\***\Pulpit\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[H:\Documents and Settings\***\Menu Start\Programy\Autostart]
PopTray.lnk = K:\Program Files\PopTray\PopTray.exe
Rozmowa.lnk = H:\Program Files\Wirtualna Polska\System syntezy
mowy\rozmowy.exe
cFos Connect! to Neostrada Plus.lnk =
F:\Instalacje\Downloads\cFos\cFosConnect.exe
DTemp.exe.lnk = K:\Program Files\DTemp\DTemp.exe
Amoumain.lnk = K:\Program Files\A4Tech\Mouse\Amoumain.exe
ashDisp.lnk = K:\Program Files\Alwil Software\Avast4\ashDisp.exe
PowerGG.lnk = H:\Program Files\Gadu-Gadu\PowerGG.exe
cfosdnt.lnk = K:\Program Files\cFos\cfosdnt.exe
Shell folders Common Startup:
[H:\Documents and Settings\All Users\Menu
Start\Programy\Autostart]
DSLMON.lnk = K:\Program Files\SAGEM\SAGEM F@st
800-840\DSLMON.exe
GetRight - Tray Icon.lnk = K:\Program
Files\GetRight\getright.exe
Adobe Acrobat Speed Launcher.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = H:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AWMON = "K:\Program Files\Lavasoft\Ad-Aware SE
Professional\Ad-Watch.exe"
DU Meter = K:\Program Files\DU Meter\DUMeter.exe
Creative WebCam Tray = K:\Program Files\Creative\Shared
Files\CamTray.exe
WinFast Schedule = K:\Program Files\WinFast\WFTVFM\WFWIZ.exe
MMTray = H:\Program Files\Musicmatch\Musicmatch
Jukebox\mm_tray.exe
SoundMax = "K:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
/tray
SoundMAXPnP = K:\Program Files\Analog
Devices\SoundMAX\SMax4PNP.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RestoreDesktop = K:\Program Files\Restore
Desktop\RestoreDesktop.exe
ctfmon.exe = H:\WINDOWS\system32\ctfmon.exe
msnmsgr = "K:\Program Files\MSN Messenger\msnmsgr.exe"
/background
Komunikator = K:\Program Files\Komunikatory\Tlen\Tlen.exe
wpkontakt = K:\Program Files\Komunikatory\Kontakt\wpkontakt.exe
-autostart
--------------------------------------------------
Load/Run keys from H:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry
value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value
not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not
found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not
found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry
value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value
not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not
found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not
found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value
not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value
not found*
HKLM\..\Windows NT\CurrentVersion\Windows:
AppInit_DLLs=MsgPlusLoader.dll
--------------------------------------------------
Shell & screensaver key from H:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - K:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll -
{00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - H:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll -
{02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - K:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - K:\Program Files\GetRight\xx2gr.dll -
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}
(no name) - K:\Program Files\E-Book Systems\FlipAlbum 6
Pro\FpLaunch.dll - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}
(no name) - K:\PROGRA~1\SPYBOT~1\SDHelper.dll -
{53707962-6F74-2D53-2644-206D7942484F}
(no name) - H:\Program Files\Yahoo!\Common\yiesrvc.dll -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - H:\Program Files\Yahoo!\Common\YIeTagBm.dll -
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
(no name) - K:\Program Files\FlashCapture\fcbho.dll -
{8B3868B4-EBA8-48FA-A19B-E1DFB99066FA}
(no name) - K:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll -
{AE7CD045-E861-484f-8273-0445EE161910}
(no name) - K:\PROGRA~1\FlashFXP\IEFlash.dll -
{E5A1691B-D188-4419-AD02-90002030B8EE}
--------------------------------------------------
Enumerating Task Scheduler jobs:
A44C67099180185D.job
--------------------------------------------------
Enumerating Download Program Files:
[Symantec AntiVirus scanner]
InProcServer32 = H:\WINDOWS\Downloaded Program
Files\avsniff.dll
CODEBASE =
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff
.cab
[YInstStarter Class]
InProcServer32 = H:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = H:\Program Files\Yahoo!\Common\yinsthelper.dll
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE =
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20
-9F5F-94901338C922/wmv9VCM.CAB
[Office Update Installation Engine]
InProcServer32 = H:\WINDOWS\opuc.dll
CODEBASE =
http://office.microsoft.com/officeupdate/content/opuc2.cab
[WUWebControl Class]
InProcServer32 = H:\WINDOWS\system32\wuweb.dll
CODEBASE =
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/
client/wuweb_site.cab?1119729844709
[AvxScanOnline Control]
InProcServer32 = H:\WINDOWS\AvxOScan\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
[ParallelGraphics Cortona Control]
InProcServer32 = H:\WINDOWS\Downloaded Program
Files\cortona_control.dll
CODEBASE = http://www.parallelgraphics.com/bin/cortvrml.cab
[Web Camera Server Control]
InProcServer32 = H:\WINDOWS\DOWNLO~1\webeye.ocx
CODEBASE = http://80.55.74.74/csi_netcam.cab
[YAddBook Class]
InProcServer32 = H:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE =
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yau
tocomplete.cab
[Shockwave Flash Object]
InProcServer32 = H:\WINDOWS\system32\Macromed\Flash\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash
.cab
[{D27CDB6E-AE6D-11CF-96B8-444553545000}]
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash
.cab
[IPSUploader Control]
InProcServer32 = H:\WINDOWS\Downloaded Program
Files\IPSUploader.ocx
CODEBASE =
http://asp01.photoprintit.de/microsite/defaults/activex/IPSUplo
ader.cab
[PopCapLoader Object]
InProcServer32 = H:\WINDOWS\Downloaded Program
Files\popcaploader.dll
CODEBASE = http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
[MainControl Class]
InProcServer32 = H:\WINDOWS\system32\SkanerOnline.dll
CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab
--------------------------------------------------
End of report, 11 795 bytes
Report generated in 0,938 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running
on WinNT
/forcent - to include WinNT-only startups even if running
on Win9x
/forceall - to include all Win9x and WinNT startups,
regardless of platform
/history - to list version history only
--
Regards, Ania
http://maranta.livenet.pl/
http://www.maranta.neostrada.pl/
Good and cheap hosting: http://livenet.pl/index.htm

Received on Sun Oct 16 15:10:13 2005
This archive was generated by hypermail 2.1.8 : Sun 16 Oct 2005 - 15:42:03 MET DST
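
The manual walk through the registry autostart locations quoted in the message above can be scripted. The following is an added example, not part of the original post or of StartupList: a read-only PowerShell listing that covers a subset of the keys and values named in the thread (the function name Get-AutostartEntry and the variable names are hypothetical).

```powershell
# Added example: read-only listing of autostart data from registry locations
# named in the thread. Nothing is modified or deleted.

# Keys where every value is a command started at logon.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Keys where only specific named values matter.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$namedValues = @(
    @{ Key = $winlogon; Names = 'Userinit', 'Shell', 'LegalNoticeCaption', 'LegalNoticeText' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Names = 'load', 'run', 'AppInit_DLLs' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Names = 'load', 'run' },
    @{ Key = 'HKCU:\Software\Microsoft\Command Processor'; Names = 'AutoRun' }
)

function Get-AutostartEntry {   # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        # Each value name under a Run-style key is one autostart entry.
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $item.GetValue($name) }
        }
    }
    foreach ($entry in $namedValues) {
        if (-not (Test-Path -LiteralPath $entry.Key)) { continue }
        $item = Get-Item -LiteralPath $entry.Key
        foreach ($name in $entry.Names) {
            $data = $item.GetValue($name)
            # Skip values that are absent or empty.
            if (-not [string]::IsNullOrWhiteSpace([string]$data)) {
                [pscustomobject]@{ Key = $entry.Key; Name = $name; Data = $data }
            }
        }
    }
}

Get-AutostartEntry | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

The output gives one row per value, so a non-empty LegalNoticeCaption or LegalNoticeText, or an unexpected AppInit_DLLs entry, shows up next to the ordinary Run entries for review.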