usunełem winhound ale ciągle mam problemy z trojanami

[Piaskun]

Zainstalowała mi się tapetka na pulpicie WinHound usunełem.

-Przeskanowalem komp avast! Antivirus 4.6 Home Edition (skanowanie podczasrozruchu kompa),
-użyłem też ewido micro i ewido anti-malware pousuwało mi to i owo, ale zawsze jak włanczam kompa i łącze się z netem avasta znów wykrywa Trojany ( cały czas te same) usuwam a one znów się pokazują i tak cały czas jak naciskam Ctrl+Alt+Delte wyskakuje mi komunikat że administrator zablokował a dzeń wcześniej wszystko było dobrze.

I wyskakuje mi jeszcze taki komunikat


Prosze niech ktoś mi pomoże.

Umieszcza logo z HijackThis i Silent Runners

HijackThis

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 14:55:32, on 2006-01-15
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vxgamet2.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: AdsGone.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64AE8D8-CACF-4C19-B662-4ADCA04D1897}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\lvl6093se.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Silent Runners

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"WindowsUpdateNT" = "C:\WINDOWS\System\svwhost.exe" [file not found]
"xp_system" = "C:\WINDOWS\inet20001\services.exe" [file not found]
"eMuleAutoStart" = "D:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WinampAgent" = "d:\Program Files\Winamp\winampa.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"awxDTools" = "rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s" [MS]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe"  -lang 1033" ["DAEMON'S HOME"]
"System" = "C:\WINDOWS\System32\kernels64.exe" [null data]
"WindowsUpdate" = (value not set)
"BatSrv" = "C:\WINDOWS\batserv2.exe" [null data]
"SystemLoader" = "C:\WINDOWS\sysldr32.exe" [null data]
"Microsoft Office" = "C:\WINDOWS\System32\msvcp.exe" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WindowsUpdateNT" = "C:\WINDOWS\System\svwhost.exe /s" [file not found]
"xp_system" = "C:\WINDOWS\inet20001\services.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5A85BB7C-9D42-481C-A854-67760EB382CA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\djserver.dll" [file not found]
"{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mfident.dll" [file not found]
"{A1D7ED6E-9A37-47B8-A300-096E059597D2}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\uprdpa.dll" [file not found]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{CBF41ECF-FB47-4242-BEA7-690967635CB2}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\uthisapi.dll" [file not found]
"{4742072F-1062-4B07-A5D8-03C182479505}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iJsads.dll" [file not found]
"{0707C341-EF58-4E45-B5C2-BF1988A3996E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bNtmeter.dll" [file not found]
"{4A89C98E-8AFE-407F-8D15-9F82E49D5706}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kcduzb.dll" [file not found]
"{E8383131-8882-4008-A564-03C03E151826}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\npwrsel.dll" [file not found]
"{2320F262-51B0-48B9-BD22-8B5492077669}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ozuninst.dll" [file not found]
"{070D553C-7DC2-4F8B-9744-20C8ED23D453}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mhacm32.dll" [file not found]
"{F5D3259C-383E-4EF3-8AE8-5661A1A96735}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\djiman32.dll" [file not found]
"{90C9F923-851D-4DD1-AF2C-2C421AAED39A}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iaaapi.dll" [file not found]
"{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\jasd400.dll" [file not found]
"{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\twkwks.dll" [file not found]
"{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hutplug.dll" [file not found]
"{960A79FE-DA2F-47EB-A4CA-31E26405B01D}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nishell.dll" [file not found]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dm16gt.dLL" [file not found]
"{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iusutil.dll" [file not found]
"{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wbaueng.dll" [file not found]
"{44BB9A11-10D6-41D3-B794-170E00BBD206}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{4A94F6A1-244C-401C-9342-BA2A4AC193D9}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kkdit142.dll" [file not found]
"{370982EB-D56D-41DA-AD0D-625923727BF1}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\selogcfg.dll" [file not found]
"{8CA58181-D3A1-4F0B-9593-401BFDDD4971}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dkound3d.dll" [file not found]
"{905344F6-AC33-43FF-8F28-E9B3D783769A}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cxmpstui.dll" [file not found]
"{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vuipxspx.dll" [file not found]
"{FF1151EA-21A8-46AE-8678-E798A345F7D1}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wbbhits.dll" [file not found]
"{D674CFF0-FB63-4535-B0F8-7A86E371DA91}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\pjrfnw.dll" [file not found]
"{C3A56BD4-C099-4634-A803-E3018018B3F7}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\oluninst.dll" [file not found]
"{A25BFDF7-6342-4E95-AF15-51415E50B114}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cBpesnpn.dll" [file not found]
"{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mkdtcprx.dll" [file not found]
"{8444BFD0-D0FE-4C10-B961-DE7A031366D6}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\obecnv32.dll" [file not found]
"{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\simpsnap.dll" [file not found]
"{5E9463FB-BF57-4705-A687-3436C3B1F458}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cubjmon.dll" [file not found]
"{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nilsapi.dll" [file not found]
"{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\oxecli32.dll" [file not found]
"{ED06E06E-2474-41F3-B508-A8A8404A7C39}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\sklsrv32.dll" [file not found]
"{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cRbview.dll" [file not found]
"{EE9F6441-B52C-4179-AA1A-569514289540}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cncdll.dll" [file not found]
"{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vts_ps.dll" [file not found]
"{A42DD6A6-08FF-4F29-8377-364B1CF0827A}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ctdial32.dll" [file not found]
"{415692B2-CB53-4CAB-B0E4-67CD23E24196}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wscltui.dll" [file not found]
"{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kfdtuf.dll" [file not found]
"{2E842522-08C5-4D37-AAE8-4F494BD81F0B}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\onethk32.dll" [file not found]
"{6F69483F-37F9-45DC-97A1-CD6C82318AFA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\rUsmans.dll" [file not found]
"{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\sonceng.dll" [file not found]
"{E793B5F5-0954-44CA-B05E-F6718120A99D}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\epsadu.dll" [file not found]
"{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\rUsdlg.dll" [file not found]
"{6438FB11-7D36-41D1-9D4A-349E473BCCCF}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\rQsdlg.dll" [file not found]
"{2AB0C559-09C7-4970-9FCE-402EB035FBB2}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\eypsrv.dll" [file not found]
"{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mjorc32r.dll" [file not found]
"{762CA687-1F94-4C2A-8975-6D6651F166FA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dPd8thk.dll" [file not found]
"{1722598E-414F-44FA-9350-CFE26D39B96F}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\sfndmail.dll" [file not found]
"{4538067E-27F4-475E-872D-66445146077B}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\agkctrs.dll" [file not found]
"{9AFC25A3-4AC2-4612-BDED-E7FA4DA367CB}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\sdrobj.dll" [file not found]
"{3B623996-E514-40A8-9314-50C879A6F83F}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\oyecli32.dll" [file not found]
"{E2D60FBA-A4EC-484F-AC11-6525F6AECDFD}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\IpagXR7.dll" [file not found]
"{BE98B59C-DBF3-4D6C-A92C-9D0A0DA57C22}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{23C1BFEA-FF7A-4953-A7A1-D1D59EAC05D0}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nptui2.dll" [file not found]
"{C773E9D2-6CDE-4818-9E5C-2E33430069B7}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mhcpx32r.dLL" [file not found]
"{F6017E5B-C162-40EF-825F-BC7B3CF064FD}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\delayx.dll" [file not found]
"{61E42078-C209-4B16-8CA5-E552CB00996A}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\IkagXR7.dll" [file not found]
"{AE654B80-E8EC-485C-9B4D-524BA6C382E7}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wvvdmoe.dll" [file not found]
"{F92D76F3-9D14-4FA6-927D-DC54F13A104E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wvcdlg.dll" [file not found]
"{5F95DC54-6DF8-4DAB-B4D3-56B21141C112}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nwrsnl.dll" [file not found]
"{EEFE049A-2BFC-4713-8CEA-149F734C95A5}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bgowsewm.dll" [file not found]
"{C85C7FA0-7300-4CD1-B371-4F66D8D50F43}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MCVCP70.dll" [file not found]
"{1F018F2F-FF16-4AB3-B3D8-8D3E22D8D517}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\scdoclc.dll" [file not found]
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}" = "awxDTools - ContextMenu ShellExtension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}" = "awxDTools - ColumnHandler ShellExtension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}" = "awxDTools - PropertySheetHandler ShellExtension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{AE81A572-5606-4CB6-9238-56591A47984A}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{F24A0405-7B36-45E2-9344-05649C3DB3BD}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cetdll.dll" [file not found]
"{5504D21D-29DE-4778-8E4C-64F29CD5A4F8}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\pdbase.dll" [file not found]
"{B491AAEC-5347-459C-A743-D53C04A78CF5}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nztlogon.dll" [file not found]
"{64DB76A9-C63B-4644-916B-6A173C86C66D}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\viipxspx.dll" [file not found]
"{4B5E290B-C66B-4A6E-90B8-B7F75819962E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\uter32.dll" [file not found]
"{C022215F-D0E8-4594-A1D2-685FD0A7A64B}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ryched20.dll" [file not found]
"{46E3463E-05E1-4592-B3BE-C10CC12A285C}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iTsads.dll" [file not found]
"{CB61D13A-4506-47AD-A46E-4595B8BE2B61}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hK2o0ef3eh2.dll" [file not found]
"{DD54A470-043D-4D4E-8A57-D38CA5DD78EE}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\heicons.dll" [file not found]
"{9D8B8C27-A04B-424C-BA98-8FD9F77B8208}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wnnsrv.dll" [file not found]
"{2644F566-E732-4418-BB8E-EC0EAA4EEB4C}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mugsvc.dll" [file not found]
"{6E32369D-DD78-4A8E-A32C-FE07452CB0D8}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ncrsja.dll" [file not found]
"{9C3FDD39-F60C-4C9F-9AFF-4ACE2C501269}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dtusic.dll" [file not found]
"{0A69F7A0-FABB-4F7C-9B6E-DE9CA4038FBA}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mnrd2x40.dll" [file not found]
"{B71245E2-4B94-486A-90A7-BB43476B6302}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dksenh.dll" [file not found]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FEA76C1C-46C4-469E-B18B-90B1D646632E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\uberenv.dll" [file not found]
"{4757F77E-A183-494B-8317-0F4243A0B1EF}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{536F3B5E-FFE7-4F2F-91E9-35CBD897C52C}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\stxcoins.dll" [file not found]
"{C6176316-5F98-40D8-8AAC-615A1C4DD816}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\stmsg.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "run" = "C:\WINDOWS\inet20001\services.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! BITS\DLLName = "C:\WINDOWS\system32\lvl6093se.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\AVASTSS.scr" ["ALWIL Software"]


Startup items in "Piotrek" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Menu Start\Programy\Autostart
"AdsGone" -> shortcut to: "D:\Program Files\AdsGone\adsgone.exe" ["A1Tech, Inc."]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"AdsGone 2004" -> shortcut to: "D:\Program Files\AdsGone\adsgone.exe" ["A1Tech, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{753BBC4B-CC73-4FB8-A5B5-CA09C804C1DD}\
"ButtonText" = "FlashCapture"
"Script" = "res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm" ["Dreamingsoft, Inc."]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 40 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 21 seconds.
---------- (total run time: 108 seconds)


[prog]

wylacz przywracania systemuy iu start w awaryjny

O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\lvl6093se.dll

To leci w hijacku, potem pogrubione pliki/foldery usuwasz recznie do kosza i z kosza.

[ Dodano: Dzisiaj o 15:23 ]
aha i sciagnij jeszcze to:
L2MFix

Uruchom plik l2mfix.bat po wczesniejsyzm wypakowaniu i daj loga z opcji pierwszej



Run Find Log

[Piaskun]

wylacz przywracania systemuy iu

Ok to zrobiłem

start w awaryjny

a tu mam problem wgrywa się wszystko( logowanie, potwierdzenie że wchodzę w awaryjny)i zawiesza(exploier) jak naciskam Ctrl+Alt+Del wyskakuje że admin zablokował <<--jak to mogę zmienić?
Bo gdybym to mienił to w trybie awarujnym nacisnoł bym Ctrl+Alt+Del i zrestartował (exploier) a tak nic nie mogę zrobić :|

[prog]

sprobuj w takim razie w normalnym i daj control loga ale kurcze wypadaloby w awaryjnym

[Piaskun]

O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe

Usuwam te dwa pierwsze wpisy w hijack robię to tak:

Zaznaczam je
Klikam Add checked to ignorelist (klikam tak)
Klikam Config
Ignorelist zaznaczam je jeszcze raz i dellte
Potem wchodze do Backups i usuwam je jeszcze raz

I za każdym razem gdy włącze HiackThis te wpisy pojawiają mi się ponownie

C:\WINDOWS\System\svwhost.exe

Tego pliku nie było był natomiast svwhost.exe.bak usunełem

C:\WINDOWS\inet20001\services.exe

Usunełem cały folder inet20001

C:\WINDOWS\System32\kernels64.exe

Tego nie mogę usunąć ponieważ system go używa

C:\WINDOWS\sysldr32.exe

Tego niema(prawdopodobnie avast mi go usunoł)

C:\WINDOWS\system32\lvl6093se.dll

Tego niema(prawdopodobnie avast mi go usunoł)

Daje tego loga o co chciałeś


[code]L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"Startup"="WinlogonStartupEvent"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n6n6lg5s16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{99ACB634-3CDA-CD41-4106-D87A17C1932A}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{5A85BB7C-9D42-481C-A854-67760EB382CA}"=""
"{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}"=""
"{A1D7ED6E-9A37-47B8-A300-096E059597D2}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{CBF41ECF-FB47-4242-BEA7-690967635CB2}"=""
"{4742072F-1062-4B07-A5D8-03C182479505}"=""
"{0707C341-EF58-4E45-B5C2-BF1988A3996E}"=""
"{4A89C98E-8AFE-407F-8D15-9F82E49D5706}"=""
"{E8383131-8882-4008-A564-03C03E151826}"=""
"{2320F262-51B0-48B9-BD22-8B5492077669}"=""
"{070D553C-7DC2-4F8B-9744-20C8ED23D453}"=""
"{F5D3259C-383E-4EF3-8AE8-5661A1A96735}"=""
"{90C9F923-851D-4DD1-AF2C-2C421AAED39A}"=""
"{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}"=""
"{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}"=""
"{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}"=""
"{960A79FE-DA2F-47EB-A4CA-31E26405B01D}"=""
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}"=""
"{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}"=""
"{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}"=""
"{44BB9A11-10D6-41D3-B794-170E00BBD206}"=""
"{4A94F6A1-244C-401C-9342-BA2A4AC193D9}"=""
"{370982EB-D56D-41DA-AD0D-625923727BF1}"=""
"{8CA58181-D3A1-4F0B-9593-401BFDDD4971}"=""
"{905344F6-AC33-43FF-8F28-E9B3D783769A}"=""
"{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}"=""
"{FF1151EA-21A8-46AE-8678-E798A345F7D1}"=""
"{D674CFF0-FB63-4535-B0F8-7A86E371DA91}"=""
"{C3A56BD4-C099-4634-A803-E3018018B3F7}"=""
"{A25BFDF7-6342-4E95-AF15-51415E50B114}"=""
"{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}"=""
"{8444BFD0-D0FE-4C10-B961-DE7A031366D6}"=""
"{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}"=""
@="CorelDRAW Shell Extension Component"
"{5E9463FB-BF57-4705-A687-3436C3B1F458}"=""
"{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}"=""
"{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}"=""
"{ED06E06E-2474-41F3-B508-A8A8404A7C39}"=""
"{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}"=""
"{EE9F6441-B52C-4179-AA1A-569514289540}"=""
"{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}"=""
"{A42DD6A6-08FF-4F29-8377-364B1CF0827A}"=""
"{415692B2-CB53-4CAB-B0E4-67CD23E24196}"=""
"{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}"=""
"{2E842522-08C5-4D37-AAE8-4F494BD81F0B}"=""
"{6F69483F-37F9-45DC-97A1-CD6C82318AFA}"=""
"{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}"=""
"{E793B5F5-0954-44CA-B05E-F6718120A99D}"=""
"{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}"=""
"{6438FB11-7D36-41D1-9D4A-349E473BCCCF}"=""
"{2AB0C559-09C7-4970-9FCE-402EB035FBB2}"=""
"{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}"=""
"{762CA687-1F94-4C2A-8975-6D6651F166FA}"=""
"{1722598E-414F-44FA-9350-CFE26D39B96F}"=""
"{4538067E-27F4-475E-872D-66445146077B}"=""
"{9AFC25A3-4AC2-4612-BDED-E7FA4DA367CB}"=""
"{3B623996-E514-40A8-9314-50C879A6F83F}"=""
"{E2D60FBA-A4EC-484F-AC11-6525F6AECDFD}"=""
"{BE98B59C-DBF3-4D6C-A92C-9D0A0DA57C22}"=""
"{23C1BFEA-FF7A-4953-A7A1-D1D59EAC05D0}"=""
"{C773E9D2-6CDE-4818-9E5C-2E33430069B7}"=""
"{F6017E5B-C162-40EF-825F-BC7B3CF064FD}"=""
"{61E42078-C209-4B16-8CA5-E552CB00996A}"=""
"{AE654B80-E8EC-485C-9B4D-524BA6C382E7}"=""
"{F92D76F3-9D14-4FA6-927D-DC54F13A104E}"=""
"{5F95DC54-6DF8-4DAB-B4D3-56B21141C112}"=""
"{EEFE049A-2BFC-4713-8CEA-149F734C95A5}"=""
"{C85C7FA0-7300-4CD1-B371-4F66D8D50F43}"=""
"{1F018F2F-FF16-4AB3-B3D8-8D3E22D8D517}"=""
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}"="awxDTools - ContextMenu ShellExtension"
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}"="awxDTools - ColumnHandler ShellExtension"
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}"="awxDTools - PropertySheetHandler ShellExtension"
"{AE81A572-5606-4CB6-9238-56591A47984A}"=""
"{F24A0405-7B36-45E2-9344-05649C3DB3BD}"=""
"{5504D21D-29DE-4778-8E4C-64F29CD5A4F8}"=""
"{B491AAEC-5347-459C-A743-D53C04A78CF5}"=""
"{64DB76A9-C63B-4644-916B-6A173C86C66D}"=""
"{4B5E290B-C66B-4A6E-90B8-B7F75819962E}"=""
"{C022215F-D0E8-4594-A1D2-685FD0A7A64B}"=""
"{46E3463E-05E1-4592-B3BE-C10CC12A285C}"=""
"{CB61D13A-4506-47AD-A46E-4595B8BE2B61}"=""
"{DD54A470-043D-4D4E-8A57-D38CA5DD78EE}"=""
"{9D8B8C27-A04B-424C-BA98-8FD9F77B8208}"=""
"{2644F566-E732-4418-BB8E-EC0EAA4EEB4C}"=""
"{6E32369D-DD78-4A8E-A32C-FE07452CB0D8}"=""
"{9C3FDD39-F60C-4C9F-9AFF-4ACE2C501269}"=""
"{0A69F7A0-FABB-4F7C-9B6E-DE9CA4038FBA}"=""
"{B71245E2-4B94-486A-90A7-BB43476B6302}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{FEA76C1C-46C4-469E-B18B-90B1D646632E}"=""
"{4757F77E-A183-494B-8317-0F4243A0B1EF}"=""
"{536F3B5E-FFE7-4F2F-91E9-35CBD897C52C}"=""
"{C6176316-5F98-40D8-8AAC-615A1C4DD816}"=""
"{78B7C2BC-A2C1-42D1-9F94-ABF7133DDA3D}"=""
"{09544E64-FC59-4D2B-AEBF-9D2296420E7E}"=""
"{8F3A911A-B88A-4DF7-891D-C331E1527468}"=""
"{4ECCF26B-EF44-4CB5-8BAC-C15981A3C5D2}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A85BB7C-9D42-481C-A854-67760EB382CA}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{5A85BB7C-9D42-481C-A854-67760EB382CA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A85BB7C-9D42-481C-A854-67760EB382CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A85BB7C-9D42-481C-A854-67760EB382CA}\InprocServer32]
@="C:\\WINDOWS\\system32\\djserver.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD7FB3B0-2FA6-4CBA-A91B-6088F107EEA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfident.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A1D7ED6E-9A37-47B8-A300-096E059597D2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1D7ED6E-9A37-47B8-A300-096E059597D2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1D7ED6E-9A37-47B8-A300-096E059597D2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1D7ED6E-9A37-47B8-A300-096E059597D2}\InprocServer32]
@="C:\\WINDOWS\\system32\\uprdpa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBF41ECF-FB47-4242-BEA7-690967635CB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBF41ECF-FB47-4242-BEA7-690967635CB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBF41ECF-FB47-4242-BEA7-690967635CB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBF41ECF-FB47-4242-BEA7-690967635CB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\uthisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4742072F-1062-4B07-A5D8-03C182479505}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4742072F-1062-4B07-A5D8-03C182479505}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4742072F-1062-4B07-A5D8-03C182479505}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4742072F-1062-4B07-A5D8-03C182479505}\InprocServer32]
@="C:\\WINDOWS\\system32\\iJsads.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0707C341-EF58-4E45-B5C2-BF1988A3996E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0707C341-EF58-4E45-B5C2-BF1988A3996E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0707C341-EF58-4E45-B5C2-BF1988A3996E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0707C341-EF58-4E45-B5C2-BF1988A3996E}\InprocServer32]
@="C:\\WINDOWS\\system32\\bNtmeter.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A89C98E-8AFE-407F-8D15-9F82E49D5706}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A89C98E-8AFE-407F-8D15-9F82E49D5706}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A89C98E-8AFE-407F-8D15-9F82E49D5706}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A89C98E-8AFE-407F-8D15-9F82E49D5706}\InprocServer32]
@="C:\\WINDOWS\\system32\\kcduzb.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E8383131-8882-4008-A564-03C03E151826}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8383131-8882-4008-A564-03C03E151826}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8383131-8882-4008-A564-03C03E151826}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8383131-8882-4008-A564-03C03E151826}\InprocServer32]
@="C:\\WINDOWS\\system32\\npwrsel.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2320F262-51B0-48B9-BD22-8B5492077669}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2320F262-51B0-48B9-BD22-8B5492077669}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2320F262-51B0-48B9-BD22-8B5492077669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2320F262-51B0-48B9-BD22-8B5492077669}\InprocServer32]
@="C:\\WINDOWS\\system32\\ozuninst.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{070D553C-7DC2-4F8B-9744-20C8ED23D453}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{070D553C-7DC2-4F8B-9744-20C8ED23D453}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{070D553C-7DC2-4F8B-9744-20C8ED23D453}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{070D553C-7DC2-4F8B-9744-20C8ED23D453}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhacm32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F5D3259C-383E-4EF3-8AE8-5661A1A96735}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F5D3259C-383E-4EF3-8AE8-5661A1A96735}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F5D3259C-383E-4EF3-8AE8-5661A1A96735}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F5D3259C-383E-4EF3-8AE8-5661A1A96735}\InprocServer32]
@="C:\\WINDOWS\\system32\\djiman32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{90C9F923-851D-4DD1-AF2C-2C421AAED39A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90C9F923-851D-4DD1-AF2C-2C421AAED39A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90C9F923-851D-4DD1-AF2C-2C421AAED39A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90C9F923-851D-4DD1-AF2C-2C421AAED39A}\InprocServer32]
@="C:\\WINDOWS\\system32\\iaaapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BEFE3C2-F0C7-4530-8FF6-D9948FED01BB}\InprocServer32]
@="C:\\WINDOWS\\system32\\jasd400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74CC2742-EFBF-4F78-8F30-A6ABBD4CFD78}\InprocServer32]
@="C:\\WINDOWS\\system32\\twkwks.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFDFA88B-80A4-4AC8-A81E-EEE46F55A4F9}\InprocServer32]
@="C:\\WINDOWS\\system32\\hutplug.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{960A79FE-DA2F-47EB-A4CA-31E26405B01D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{960A79FE-DA2F-47EB-A4CA-31E26405B01D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{960A79FE-DA2F-47EB-A4CA-31E26405B01D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{960A79FE-DA2F-47EB-A4CA-31E26405B01D}\InprocServer32]
@="C:\\WINDOWS\\system32\\nishell.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03F9742-BC5E-4FDE-96A3-9AEF54F91C65}\InprocServer32]
@="C:\\WINDOWS\\system32\\dm16gt.dLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0B4BA92-D78A-4DCF-A5E1-31E7B60E2B17}\InprocServer32]
@="C:\\WINDOWS\\system32\\iusutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE433ECD-E99D-4BE1-9ABA-2C8B6AAA20CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{44BB9A11-10D6-41D3-B794-170E00BBD206}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44BB9A11-10D6-41D3-B794-170E00BBD206}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44BB9A11-10D6-41D3-B794-170E00BBD206}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44BB9A11-10D6-41D3-B794-170E00BBD206}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A94F6A1-244C-401C-9342-BA2A4AC193D9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A94F6A1-244C-401C-9342-BA2A4AC193D9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A94F6A1-244C-401C-9342-BA2A4AC193D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A94F6A1-244C-401C-9342-BA2A4AC193D9}\InprocServer32]
@="C:\\WINDOWS\\system32\\kkdit142.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{370982EB-D56D-41DA-AD0D-625923727BF1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{370982EB-D56D-41DA-AD0D-625923727BF1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{370982EB-D56D-41DA-AD0D-625923727BF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{370982EB-D56D-41DA-AD0D-625923727BF1}\InprocServer32]
@="C:\\WINDOWS\\system32\\selogcfg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8CA58181-D3A1-4F0B-9593-401BFDDD4971}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CA58181-D3A1-4F0B-9593-401BFDDD4971}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CA58181-D3A1-4F0B-9593-401BFDDD4971}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CA58181-D3A1-4F0B-9593-401BFDDD4971}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkound3d.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{905344F6-AC33-43FF-8F28-E9B3D783769A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905344F6-AC33-43FF-8F28-E9B3D783769A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905344F6-AC33-43FF-8F28-E9B3D783769A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905344F6-AC33-43FF-8F28-E9B3D783769A}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxmpstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4AD57962-6F6F-4DE8-982F-6D764EAC49EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\vuipxspx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FF1151EA-21A8-46AE-8678-E798A345F7D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FF1151EA-21A8-46AE-8678-E798A345F7D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FF1151EA-21A8-46AE-8678-E798A345F7D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FF1151EA-21A8-46AE-8678-E798A345F7D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbbhits.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D674CFF0-FB63-4535-B0F8-7A86E371DA91}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D674CFF0-FB63-4535-B0F8-7A86E371DA91}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D674CFF0-FB63-4535-B0F8-7A86E371DA91}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D674CFF0-FB63-4535-B0F8-7A86E371DA91}\InprocServer32]
@="C:\\WINDOWS\\system32\\pjrfnw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C3A56BD4-C099-4634-A803-E3018018B3F7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C3A56BD4-C099-4634-A803-E3018018B3F7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C3A56BD4-C099-4634-A803-E3018018B3F7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C3A56BD4-C099-4634-A803-E3018018B3F7}\InprocServer32]
@="C:\\WINDOWS\\system32\\oluninst.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A25BFDF7-6342-4E95-AF15-51415E50B114}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A25BFDF7-6342-4E95-AF15-51415E50B114}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A25BFDF7-6342-4E95-AF15-51415E50B114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A25BFDF7-6342-4E95-AF15-51415E50B114}\InprocServer32]
@="C:\\WINDOWS\\system32\\cBpesnpn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C45B3D09-BDDA-48BF-8CE6-7551F1BEEEF1}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkdtcprx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8444BFD0-D0FE-4C10-B961-DE7A031366D6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8444BFD0-D0FE-4C10-B961-DE7A031366D6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8444BFD0-D0FE-4C10-B961-DE7A031366D6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8444BFD0-D0FE-4C10-B961-DE7A031366D6}\InprocServer32]
@="C:\\WINDOWS\\system32\\obecnv32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75D5748B-C1BE-4F47-B42D-CE4E1B5C60FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\simpsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5E9463FB-BF57-4705-A687-3436C3B1F458}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E9463FB-BF57-4705-A687-3436C3B1F458}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E9463FB-BF57-4705-A687-3436C3B1F458}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E9463FB-BF57-4705-A687-3436C3B1F458}\InprocServer32]
@="C:\\WINDOWS\\system32\\cubjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB9A2DB-D3FE-4C63-81FB-0BBF37FA5002}\InprocServer32]
@="C:\\WINDOWS\\system32\\nilsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89F17A52-E9A0-4E8D-9CA3-56C8508FFE97}\InprocServer32]
@="C:\\WINDOWS\\system32\\oxecli32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED06E06E-2474-41F3-B508-A8A8404A7C39}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED06E06E-2474-41F3-B508-A8A8404A7C39}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED06E06E-2474-41F3-B508-A8A8404A7C39}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED06E06E-2474-41F3-B508-A8A8404A7C39}\InprocServer32]
@="C:\\WINDOWS\\system32\\sklsrv32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D77C0B1-C5EB-4717-9594-C1D9E39C2771}\InprocServer32]
@="C:\\WINDOWS\\system32\\cRbview.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE9F6441-B52C-4179-AA1A-569514289540}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9F6441-B52C-4179-AA1A-569514289540}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9F6441-B52C-4179-AA1A-569514289540}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9F6441-B52C-4179-AA1A-569514289540}\InprocServer32]
@="C:\\WINDOWS\\system32\\cncdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B6A858-443B-4E67-A3AD-BCAA2FAA4BFB}\InprocServer32]
@="C:\\WINDOWS\\system32\\vts_ps.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A42DD6A6-08FF-4F29-8377-364B1CF0827A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A42DD6A6-08FF-4F29-8377-364B1CF0827A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A42DD6A6-08FF-4F29-8377-364B1CF0827A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A42DD6A6-08FF-4F29-8377-364B1CF0827A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ctdial32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{415692B2-CB53-4CAB-B0E4-67CD23E24196}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415692B2-CB53-4CAB-B0E4-67CD23E24196}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415692B2-CB53-4CAB-B0E4-67CD23E24196}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415692B2-CB53-4CAB-B0E4-67CD23E24196}\InprocServer32]
@="C:\\WINDOWS\\system32\\wscltui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F7B88FC-F7D2-4032-89AD-0A095505BCEE}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdtuf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E842522-08C5-4D37-AAE8-4F494BD81F0B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E842522-08C5-4D37-AAE8-4F494BD81F0B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E842522-08C5-4D37-AAE8-4F494BD81F0B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E842522-08C5-4D37-AAE8-4F494BD81F0B}\InprocServer32]
@="C:\\WINDOWS\\system32\\onethk32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6F69483F-37F9-45DC-97A1-CD6C82318AFA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F69483F-37F9-45DC-97A1-CD6C82318AFA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F69483F-37F9-45DC-97A1-CD6C82318AFA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F69483F-37F9-45DC-97A1-CD6C82318AFA}\InprocServer32]
@="C:\\WINDOWS\\system32\\rUsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08BD9FC1-A525-4B7C-B135-F08F9C5EB04B}\InprocServer32]
@="C:\\WINDOWS\\system32\\sonceng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E793B5F5-0954-44CA-B05E-F6718120A99D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E793B5F5-0954-44CA-B05E-F6718120A99D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E793B5F5-0954-44CA-B05E-F6718120A99D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E793B5F5-0954-44CA-B05E-F6718120A99D}\InprocServer32]
@="C:\\WINDOWS\\system32\\epsadu.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1984B3E6-7C9A-4B02-9EF6-A85CF9F0DCE4}\InprocServer32]
@="C:\\WINDOWS\\system32\\rUsdlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6438FB11-7D36-41D1-9D4A-349E473BCCCF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6438FB11-7D36-41D1-9D4A-349E473BCCCF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6438FB11-7D36-41D1-9D4A-349E473BCCCF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6438FB11-7D36-41D1-9D4A-349E473BCCCF}\InprocServer32]
@="C:\\WINDOWS\\system32\\rQsdlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2AB0C559-09C7-4970-9FCE-402EB035FBB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AB0C559-09C7-4970-9FCE-402EB035FBB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AB0C559-09C7-4970-9FCE-402EB035FBB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AB0C559-09C7-4970-9FCE-402EB035FBB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\eypsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B54B7C5-8396-43FD-B9DD-7288D1772DF3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjorc32r.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{762CA687-1F94-4C2A-8975-6D6651F166FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{762CA687-1F94-4C2A-8975-6D6651F166FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{762CA687-1F94-4C2A-8975-6D6651F166FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{762CA687-1F94-4C2A-8975-6D6651F166FA}\Inp

[Tom@szek]

O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe

Usuwam te dwa pierwsze wpisy w hijack robię to tak:

Zaznaczam je
Klikam Add checked to ignorelist (klikam tak)
Klikam Config
Ignorelist zaznaczam je jeszcze raz i dellte
Potem wchodze do Backups i usuwam je jeszcze raz

Zaznaczasz te wpisy i robisz Fix Checked

[prog]

Jest zle - bardzo zle

Nic nie rob w hijacku tylko daj kontrolnie loga

Co do L2MFix - uruchom go z opcja druga a nastyepnie ponownie z opcja pierwsza (wklejasz z niej log)

PZDR

[Piaskun]

Ten post wyżej coś się stał? Umieściłem loga w code wziełem podglą był w code zielony a gdy go wysłałem(sami widzicie nie jest w code). Kliknołem potem zmień(edit) znów go w code na podglądzie jest w code a gdy wyśle już nie jest?

Ok a teraz pokloei

Pierwszy log z hijackthis
Drugi L2MFix z z opcją pierwszą

Pierwszy log z hijackthis

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 16:30:25, on 2006-01-16
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\batserv2.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\qvxgamet4.exe
C:\WINDOWS\System32\qvxgamet4.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\qvxgamet4.exe
C:\WINDOWS\System32\qvxgamet4.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\sysc.exe
C:\WINDOWS\System32\sysc.exe
C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - Startup: AdsGone.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64AE8D8-CACF-4C19-B662-4ADCA04D1897}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\n6n6lg5s16.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Drugi

Kod: Zaznacz wszystko

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"Startup"="WinlogonStartupEvent"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n6n6lg5s16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
@="CorelDRAW Shell Extension Component"
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}"="awxDTools - ContextMenu ShellExtension"
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}"="awxDTools - ColumnHandler ShellExtension"
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}"="awxDTools - PropertySheetHandler ShellExtension"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   nvhwvid.dll    Fri  2005-11-11  13:47:00   A....        573 440   560,00 K
   nvapi.dll      Fri  2005-11-11  13:47:00   A....         86 016    84,00 K
   nvoglnt.dll    Fri  2005-11-11  13:47:00   A....      5 394 432     5,14 M
   nvmctray.dll   Fri  2005-11-11  13:47:00   A....         86 016    84,00 K
   nvcpl.dll      Fri  2005-11-11  13:47:00   .....      7 311 360     6,97 M
   nvwddi.dll     Fri  2005-11-11  13:47:00   A....         81 920    80,00 K
   nvnt4cpl.dll   Fri  2005-11-11  13:47:00   A....        286 720   280,00 K
   nvmccs.dll     Fri  2005-11-11  13:47:00   A....        229 376   224,00 K
   nvcodins.dll   Fri  2005-11-11  13:47:00   A....         35 328    34,50 K
   nvcod.dll      Fri  2005-11-11  13:47:00   .....         35 328    34,50 K
   nview.dll      Fri  2005-11-11  13:47:00   A....      1 466 368     1,40 M
   nvshell.dll    Fri  2005-11-11  13:47:00   A....        466 944   456,00 K
   nvwdmcpl.dll   Fri  2005-11-11  13:47:00   A....      1 662 976     1,59 M
   nvwimg.dll     Fri  2005-11-11  13:47:00   A....      1 019 904   996,00 K
   nvmccsrs.dll   Fri  2005-11-11  13:47:00   A....         45 056    44,00 K
   nvrsar.dll     Fri  2005-11-11  13:47:00   A....        319 488   312,00 K
   nvwrsar.dll    Fri  2005-11-11  13:47:00   A....        282 624   276,00 K
   nvrscs.dll     Fri  2005-11-11  13:47:00   A....        241 664   236,00 K
   nvwrscs.dll    Fri  2005-11-11  13:47:00   A....        286 720   280,00 K
   nvrsda.dll     Fri  2005-11-11  13:47:00   A....        245 760   240,00 K
   nvwrsda.dll    Fri  2005-11-11  13:47:00   A....        294 912   288,00 K
   nvrsde.dll     Fri  2005-11-11  13:47:00   A....        270 336   264,00 K
   nvwrsde.dll    Fri  2005-11-11  13:47:00   A....        311 296   304,00 K
   nvrsel.dll     Fri  2005-11-11  13:47:00   A....        274 432   268,00 K
   nvwrsel.dll    Fri  2005-11-11  13:47:00   A....        335 872   328,00 K
   nvrseng.dll    Fri  2005-11-11  13:47:00   A....        241 664   236,00 K
   nvwrseng.dll   Fri  2005-11-11  13:47:00   A....        286 720   280,00 K
   nvrses.dll     Fri  2005-11-11  13:47:00   A....        274 432   268,00 K
   nvwrses.dll    Fri  2005-11-11  13:47:00   A....        335 872   328,00 K
   nvrsesm.dll    Fri  2005-11-11  13:47:00   A....        266 240   260,00 K
   nvwrsesm.dll   Fri  2005-11-11  13:47:00   A....        327 680   320,00 K
   nvrsfi.dll     Fri  2005-11-11  13:47:00   A....        241 664   236,00 K
   nvwrsfi.dll    Fri  2005-11-11  13:47:00   A....        303 104   296,00 K
   nvrsfr.dll     Fri  2005-11-11  13:47:00   A....        278 528   272,00 K
   nvwrsfr.dll    Fri  2005-11-11  13:47:00   A....        327 680   320,00 K
   nvrshe.dll     Fri  2005-11-11  13:47:00   A....        319 488   312,00 K
   nvwrshe.dll    Fri  2005-11-11  13:47:00   A....        278 528   272,00 K
   nvrshu.dll     Fri  2005-11-11  13:47:00   A....        253 952   248,00 K
   nvwrshu.dll    Fri  2005-11-11  13:47:00   A....        315 392   308,00 K
   nvrsit.dll     Fri  2005-11-11  13:47:00   A....        274 432   268,00 K
   nvwrsit.dll    Fri  2005-11-11  13:47:00   A....        323 584   316,00 K
   nvrsja.dll     Fri  2005-11-11  13:47:00   A....        258 048   252,00 K
   nvwrsja.dll    Fri  2005-11-11  13:47:00   A....        212 992   208,00 K
   nvrsko.dll     Fri  2005-11-11  13:47:00   A....        253 952   248,00 K
   nvwrsko.dll    Fri  2005-11-11  13:47:00   A....        196 608   192,00 K
   nvrsnl.dll     Fri  2005-11-11  13:47:00   A....        266 240   260,00 K
   nvwrsnl.dll    Fri  2005-11-11  13:47:00   A....        319 488   312,00 K
   nvrsno.dll     Fri  2005-11-11  13:47:00   A....        249 856   244,00 K
   nvwrsno.dll    Fri  2005-11-11  13:47:00   A....        299 008   292,00 K
   nvrspl.dll     Fri  2005-11-11  13:47:00   A....        249 856   244,00 K
   nvwrspl.dll    Fri  2005-11-11  13:47:00   A....        294 912   288,00 K
   nvrspt.dll     Fri  2005-11-11  13:47:00   A....        266 240   260,00 K
   nvwrspt.dll    Fri  2005-11-11  13:47:00   A....        323 584   316,00 K
   nvrsptb.dll    Fri  2005-11-11  13:47:00   A....        262 144   256,00 K
   nvwrsptb.dll   Fri  2005-11-11  13:47:00   A....        319 488   312,00 K
   nvrsru.dll     Fri  2005-11-11  13:47:00   A....        262 144   256,00 K
   nvwrsru.dll    Fri  2005-11-11  13:47:00   A....        315 392   308,00 K
   nvrssk.dll     Fri  2005-11-11  13:47:00   A....        249 856   244,00 K
   nvwrssk.dll    Fri  2005-11-11  13:47:00   A....        299 008   292,00 K
   nvrssl.dll     Fri  2005-11-11  13:47:00   A....        249 856   244,00 K
   nvwrssl.dll    Fri  2005-11-11  13:47:00   A....        303 104   296,00 K
   nvrssv.dll     Fri  2005-11-11  13:47:00   A....        245 760   240,00 K
   nvwrssv.dll    Fri  2005-11-11  13:47:00   A....        294 912   288,00 K
   nvrstr.dll     Fri  2005-11-11  13:47:00   A....        249 856   244,00 K
   nvwrstr.dll    Fri  2005-11-11  13:47:00   A....        303 104   296,00 K
   nvrszhc.dll    Fri  2005-11-11  13:47:00   A....        217 088   212,00 K
   nvwrszhc.dll   Fri  2005-11-11  13:47:00   A....        163 840   160,00 K
   nvrszht.dll    Fri  2005-11-11  13:47:00   A....        118 784   116,00 K
   nvwrszht.dll   Fri  2005-11-11  13:47:00   A....        167 936   164,00 K
   nv4_disp.dll   Fri  2005-11-11  13:47:00   A....      3 924 992     3,74 M
   msnscps.dll    Mon  2006-01-16  14:00:04   A....         26 328    25,71 K
   zlbw.dll       Sun  2006-01-15   0:48:24   A....         46 592    45,50 K

72 items found:  72 files, 0 directories.
   Total of file sizes:  37 504 216 bytes     35,77 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 9CFA-93BA

Katalog: C:\WINDOWS\System32

2006-01-15  10:24            10˙022 KGyGaAvL.sys
2006-01-15  10:24                56 817C0CBA77.sys
2005-12-27  20:09    <DIR>          dllcache
               2 plik(˘w)          10˙078 bajt˘w
               1 katalog(˘w)   2˙194˙440˙192 bajt˘w wolnych


[prog]

Ok jadziemy:

>>>>>USUWANIE

Wstęp: Rób WSZYSTKO krok po kroku i CHRONOLIGCZNIE

1. Otworz notatnik i wklej w nim to:

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]

Plik>>>Zapisz jako>>>Zmień rozszerzenie na wszystkie pliki>>>Zapisz pod nazwą FIX.REG Plik umieść np. na pulpicie.

2. Start do trybu awaryjnego bez przywracania systemu
3. Usuwasz te wpisy w hijacku:

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

Jak je usunac?
Przy kazdym podanym przezemnie wpisie masz taki kwadracik. Zaznaczasz go przy wpisach ktore podalem. Nastepnie zjezdzasz na dol i dajesz przycisk Fix Checked
5. Pliki ktore pogrubilem usuwasz recznie ; do kosza i z kosza
6. Odpalasz wczesniej zapisany plik FIX.REG
7. Nowe logi do kontroli

Autor postu otrzymał pochwałę

[Piaskun]

Chyba wszystko ok wcześniej jak tylko połączyłem się z netem to Awasta potrafiła mi wygenerować ok 15 jak nie więcej ostrzeżeń Uwaga znaleziono wirusa uwaga znaleziona wirusa teraz mam neta uruchomionego 10 min i jak na razie nic Dzięki za pomoc Daje jeszcze loga z hjicaktkis i z L2MFix opcja 1

A mam jeszcze putanie nie dało by rady odblokować(pewnie w rejestrze) Alt+Ctr+Del ponieważ jak to naciskam wyskakuje mi że administrator zablokował!
I nie mogłem wejść w tryb awaryjny(bo mi się wieszałe) musiałem tryb awaryjny z obsługą sieci

Pierwszy log hjicaktkis

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:38:09, on 2006-01-16
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: AdsGone.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64AE8D8-CACF-4C19-B662-4ADCA04D1897}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Drugi log z L2MFix opcja 1

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
@="CorelDRAW Shell Extension Component"
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}"="awxDTools - ContextMenu ShellExtension"
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}"="awxDTools - ColumnHandler ShellExtension"
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}"="awxDTools - PropertySheetHandler ShellExtension"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
nvhwvid.dll Fri 2005-11-11 13:47:00 A.... 573 440 560,00 K
nvapi.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K
nvoglnt.dll Fri 2005-11-11 13:47:00 A.... 5 394 432 5,14 M
nvmctray.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K
nvcpl.dll Fri 2005-11-11 13:47:00 ..... 7 311 360 6,97 M
nvwddi.dll Fri 2005-11-11 13:47:00 A.... 81 920 80,00 K
nvnt4cpl.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K
nvmccs.dll Fri 2005-11-11 13:47:00 A.... 229 376 224,00 K
nvcodins.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K
nvcod.dll Fri 2005-11-11 13:47:00 ..... 35 328 34,50 K
nview.dll Fri 2005-11-11 13:47:00 A.... 1 466 368 1,40 M
nvshell.dll Fri 2005-11-11 13:47:00 A.... 466 944 456,00 K
nvwdmcpl.dll Fri 2005-11-11 13:47:00 A.... 1 662 976 1,59 M
nvwimg.dll Fri 2005-11-11 13:47:00 A.... 1 019 904 996,00 K
nvmccsrs.dll Fri 2005-11-11 13:47:00 A.... 45 056 44,00 K
nvrsar.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K
nvwrsar.dll Fri 2005-11-11 13:47:00 A.... 282 624 276,00 K
nvrscs.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K
nvwrscs.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K
nvrsda.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K
nvwrsda.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K
nvrsde.dll Fri 2005-11-11 13:47:00 A.... 270 336 264,00 K
nvwrsde.dll Fri 2005-11-11 13:47:00 A.... 311 296 304,00 K
nvrsel.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K
nvwrsel.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K
nvrseng.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K
nvwrseng.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K
nvrses.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K
nvwrses.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K
nvrsesm.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K
nvwrsesm.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K
nvrsfi.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K
nvwrsfi.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K
nvrsfr.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K
nvwrsfr.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K
nvrshe.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K
nvwrshe.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K
nvrshu.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K
nvwrshu.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K
nvrsit.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K
nvwrsit.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K
nvrsja.dll Fri 2005-11-11 13:47:00 A.... 258 048 252,00 K
nvwrsja.dll Fri 2005-11-11 13:47:00 A.... 212 992 208,00 K
nvrsko.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K
nvwrsko.dll Fri 2005-11-11 13:47:00 A.... 196 608 192,00 K
nvrsnl.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K
nvwrsnl.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K
nvrsno.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K
nvwrsno.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K
nvrspl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K
nvwrspl.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K
nvrspt.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K
nvwrspt.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K
nvrsptb.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K
nvwrsptb.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K
nvrsru.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K
nvwrsru.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K
nvrssk.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K
nvwrssk.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K
nvrssl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K
nvwrssl.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K
nvrssv.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K
nvwrssv.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K
nvrstr.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K
nvwrstr.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K
nvrszhc.dll Fri 2005-11-11 13:47:00 A.... 217 088 212,00 K
nvwrszhc.dll Fri 2005-11-11 13:47:00 A.... 163 840 160,00 K
nvrszht.dll Fri 2005-11-11 13:47:00 A.... 118 784 116,00 K
nvwrszht.dll Fri 2005-11-11 13:47:00 A.... 167 936 164,00 K
nv4_disp.dll Fri 2005-11-11 13:47:00 A.... 3 924 992 3,74 M
msnscps.dll Mon 2006-01-16 14:00:04 A.... 26 328 25,71 K
zlbw.dll Sun 2006-01-15 0:48:24 A.... 46 592 45,50 K

72 items found: 72 files, 0 directories.
Total of file sizes: 37 504 216 bytes 35,77 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 9CFA-93BA

Katalog: C:\WINDOWS\System32

2006-01-15 10:24 10˙022 KGyGaAvL.sys
2006-01-15 10:24 56 817C0CBA77.sys
2005-12-27 20:09 <DIR> dllcache
2 plik(˘w) 10˙078 bajt˘w
1 katalog(˘w) 2˙193˙952˙768 bajt˘w wolnych

Jeszcze raz wielkie dzięki

[Red]

do usuniecia są jeszcze :

msnscps.dll
zlbw.dll

oraz w hijacku:

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe

Autor postu otrzymał pochwałę

[Piaskun]

do usuniecia są jeszcze :

msnscps.dll
zlbw.dll

oraz w hijacku:

Cytat:
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe

Usunełem dzięki!
Ale co z tym?
Nie dało by rady odblokować(pewnie w rejestrze) Alt+Ctr+Del ponieważ jak to naciskam wyskakuje mi że administrator zablokował!

I dam jeszcze loga HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:56:54, on 2006-01-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: AdsGone.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = D:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64AE8D8-CACF-4C19-B662-4ADCA04D1897}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[prog]

Nie dało by rady odblokować(pewnie w rejestrze) Alt+Ctr+Del ponieważ jak to naciskam wyskakuje mi że administrator zablokował!

Daj loga z SilentRunners
http://www.silentrunners.org/Silent%20Runners.vbs

Prawo klik >>> zapisz jako

Odpalasz i w nowym okienku dajesz "Nie"
czekasz cierpliwie na wygenerowanie loga

PZDR

[Piaskun]

Ok log z SilentRunners

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"eMuleAutoStart" = "D:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"awxDTools" = "rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s" [MS]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"WindowsUpdate" = (value not set)
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WindowsUpdateNT" = "C:\WINDOWS\System\svwhost.exe /s" [file not found]
"xp_system" = "C:\WINDOWS\inet20001\services.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}" = "awxDTools - ContextMenu ShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}" = "awxDTools - ColumnHandler ShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}" = "awxDTools - PropertySheetHandler ShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll" ["arniWORX"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\AVASTSS.scr" ["ALWIL Software"]


Startup items in "Piotrek" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Piotrek.P-MFDDDMZW6IQBR\Menu Start\Programy\Autostart
"AdsGone" -> shortcut to: "D:\Program Files\AdsGone\adsgone.exe" ["A1Tech, Inc."]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"AdsGone 2004" -> shortcut to: "D:\Program Files\AdsGone\adsgone.exe" ["A1Tech, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{753BBC4B-CC73-4FB8-A5B5-CA09C804C1DD}\
"ButtonText" = "FlashCapture"
"Script" = "res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm" ["Dreamingsoft, Inc."]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 18 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 17 seconds.
---------- (total run time: 66 seconds)

[Red]

otworz:
http://securityresponse.symantec.com/avcenter/UnHookExec.inf
plik zapisz jako ....na pulpicie>>prawoklik na pliku i nacisnij instaluj

Nastepnie:



otworz notatnik windowsa i wklej do niego ponizszy wpis:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsUpdateNT"=-
"xp_system"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=-

nastepnie w notatniku >>Plik - Zapisz jako..., zapisz jako typ: wszystkie pliki, nazwa koniecznie z rozszerzeniem REG np. Fix.reg


Kliknij dwa razy na powstały plik i dodaj go do rejestru ,sprawdz ...

Autor postu otrzymał pochwałę

[Piaskun]

Ok wielkie dzięki mam już Menadżer Zadań Windows

Mam menadżer zadań
Niemam (chyba ) wirusów

Wielkie dzięki za pomoc