My Documents folder opens at WINXP startup

Hello,

Every time WINXP starts, an Explorer window with the My Documents folder opens automatically, i.e. the system starts with the My Documents folder open? Is there any way to turn this off? I have no idea how it got turned on, but it seems to me that it happened while the computer was restarting after some installer had run (that folder was open at the time). If anyone knows and can write a few sentences on the subject, I will be very grateful.

Holiday greetings

g84

First check whether a shortcut simply got added to Startup by accident

Start - All Programs - Startup

Download Combofix, scan the system with it, and post the log on the forum

:slight_smile:

Here is the log:

The problem with the folder opening went away after the scan!!

Thank you!!

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.438 [GMT 1:00]

Running from: E:\Moje dokumenty\Download\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\hosts

.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))

.

2007-12-22 22:25 . 2007-12-22 22:25

2007-12-22 22:02 . 2007-12-22 22:02

2007-12-22 22:02 . 2007-12-22 22:18

2007-12-22 22:02 . 2006-11-01 15:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2007-12-22 21:59 . 2007-12-22 22:18

2007-12-22 19:45 . 2007-12-22 19:45

2007-12-22 19:45 . 2007-12-22 19:53

2007-12-22 17:39 . 2007-12-22 17:39

2007-12-22 17:05 . 2007-12-22 17:05

2007-12-22 17:05 . 2007-12-22 22:02

2007-12-19 23:00 . 2007-12-19 23:00

2007-12-17 21:25 . 2007-12-17 21:25

2007-12-17 21:25 . 2007-12-17 21:25

2007-12-17 21:23 . 2007-12-17 21:25

2007-12-17 21:22 . 2007-12-17 21:22

2007-12-17 21:22 . 2007-12-17 21:22

2007-12-17 21:22 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2007-12-17 16:03 . 2007-12-23 11:22 32 --a------ C:\WINDOWS\system32\driver.dat

2007-12-16 15:34 . 2007-12-16 15:34

2007-12-16 15:31 . 2007-12-16 15:38

2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-07 23:14 . 2007-12-07 23:18

2007-12-07 20:30 . 2002-11-26 16:48 2,679,296 --a------ C:\WINDOWS\ca_letto.scr

2007-12-06 22:03 . 2007-12-06 22:03

2007-12-06 22:03 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-12-06 22:03 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-12-06 22:03 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-06 22:03 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-06 22:03 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-06 22:03 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-06 22:03 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-05 17:25 . 2007-12-06 19:16 32,732 -r-hs---- C:\WINDOWS\system32\avpo0.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-23 11:33 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Azureus

2007-12-23 10:59 --------- d-----w C:\Program Files\Azureus

2007-12-23 10:37 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\ZoomBrowser EX

2007-12-23 10:22 --------- d-----w C:\Program Files\foobar2000

2007-12-20 16:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser

2007-12-17 20:25 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Apple Computer

2007-12-17 20:24 --------- d-----w C:\Program Files\QuickTime

2007-12-16 14:45 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Autodesk

2007-12-16 14:34 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2007-12-16 14:01 --------- d-----w C:\Program Files\GetRight

2007-12-08 20:13 --------- d-----w C:\Program Files\NVIDIA

2007-12-08 16:30 9,394 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-12-07 22:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

2007-12-07 19:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-04 22:37 99,050 --sh--r C:\WINDOWS\system32\avpo.exe

2007-12-04 22:37 99,050 --sh--r C:\ntde1ect.com

2007-12-04 22:37 32,732 --sh--r C:\WINDOWS\system32\avpo1.dll

2007-12-04 18:34 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Corel

2007-11-25 21:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-11-08 20:10 --------- d-----w C:\Program Files\XVideoConverter

2007-11-07 23:07 3,082 ----a-w C:\WINDOWS\system32\affv9553p4now.sys

2007-11-07 21:45 --------- d-----w C:\Program Files\Easy Video Converter

2007-11-06 21:30 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Netscape

2007-11-06 21:29 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Photodex

2007-11-04 20:20 --------- d-----w C:\Program Files\Google

2007-10-25 16:27 --------- d-----w C:\Program Files\KONAMI

2007-10-10 16:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll

2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll

2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll

2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll

2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll

2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll

2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll

2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll

2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll

2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll

2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll

2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll

2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll

2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll

2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll

2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll

2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll

2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll

2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll

2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll

2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll

2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll

2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll

2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll

2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll

2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll

2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll

2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll

2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll

2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll

2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll

2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll

2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll

2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll

2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll

2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll

2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll

2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll

2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll

2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll

2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll

2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll

2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll

2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll

2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2006-11-05 22:48 88 --sh--r C:\WINDOWS\system32\316885261A.sys

2006-12-23 09:28 88 --sh--r C:\WINDOWS\system32\90E633313B.sys

2007-06-11 20:04 23 --sha-w C:\WINDOWS\system32\dcdbcb4_r.dll

1997-07-21 18:30 1,045,776 --sha-w C:\WINDOWS\system32\Msjet35.dll

1997-06-23 02:00 123,664 --sha-w C:\WINDOWS\system32\Msjint35.dll

1997-06-23 11:06 24,848 --sha-w C:\WINDOWS\system32\Msjter35.dll

1997-06-23 11:06 252,176 --sha-w C:\WINDOWS\system32\Msrd2x35.dll

1997-06-23 11:06 287,504 --sha-w C:\WINDOWS\system32\Msxbse35.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]

@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Uchwyt nakładania ikony podpisu cyfrowego]

@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]

2007-02-12 15:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]

2007-02-12 15:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"UpdateCheck"= {41C566D9-C684-40FA-880E-970064A7976D} - C:\WINDOWS\system32\mstmdm.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk]

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Color Calibration.lnk]

backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DesktopEarth AutoStart.lnk]

backup=C:\WINDOWS\pss\DesktopEarth AutoStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GammaTray.lnk]

backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GetRight - Tray Icon.lnk

backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Hyperappel du Petit Larousse 2007.lnk]

backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^MagicTune 3.6.lnk]

backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]

backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]

backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazing3DAquariumWallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2007-12-04 14:00 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]

2007-12-04 23:37 99050 -r-hs---- C:\WINDOWS\system32\avpo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 15:14 147456 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\catsrv]

2007-04-09 23:26 626176 --a------ C:\Documents and Settings\Bartek\Policies\catsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 00:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1045

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

2006-10-04 11:38 163840 --a------ C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EleFunAnimatedWallpaper]

C:\Program Files\EleFun Multimedia\Alpine Lake Wallpaper\Alpine Lake.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]

EXPLORER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update Assistant]

C:\WINDOWS\system32\HPAware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 01:00 28672 --a------ C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]

2005-11-21 21:58 1089536 --a------ C:\Program Files\MagicTune\MagicRotation\MagicPvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dyspozytor v3]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe /source=HKLM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2007-09-28 02:17 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2006-05-20 11:13 188416 --a------ C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

C:\WINDOWS\AdobeR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]

wsctf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NVSvc"=2 (0x2)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

"bgsvcgen"=2 (0x2)

"MDM"=2 (0x2)

"odserv"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"gusvc"=3 (0x3)

"MagicTuneEngine"=2 (0x2)

"Diskeeper"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ScsiAccess"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

"aawservice"=2 (0x2)

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 12:53]

R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 11:56]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-11-14 02:26]

R2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 11:38]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fc0c6d1-5587-11dc-a62a-0011ae0d105f}]

\Shell\AutoRun\command - H:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b77552a-a668-11dc-a6d4-0011ae0d105f}]

\Shell\AutoRun\command - H:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc5f6457-e5d9-11db-a507-0011ae0d105f}]

\Shell\AutoRun\command - H:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-17 20:22:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-23 12:34:22

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-23 12:34:53

Open Notepad and paste

File::

C:\WINDOWS\system32\avpo0.dll

C:\WINDOWS\system32\avpo.exe

C:\ntde1ect.com

C:\WINDOWS\system32\avpo1.dll

C:\WINDOWS\system32\316885261A.sys

C:\WINDOWS\system32\90E633313B.sys

C:\Windows\system32\EXPLORER.EXE

C:\Windows\system32\wsctf.exe


Registry:: 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

save as CFScript (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

when asked "1 or 2", type 1 and press ENTER

The removal should start

Then post a new Combofix log and a HijackThis log

:slight_smile: