juz chyba nie trzeba nic robic bo to badziewie juz nie wyskakuje :D:D:D dzieki bobi :D:D:D

Otwierasz notatnik i wklejasz do niego:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5F824966–689A–DEEB–0E40–35A1F4238863}"=–

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5E2121EE–0300–11D4–8D3B–444553540000}"=–
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}"=–
"{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}"=–
"{AB00C789–BEB9–478F–9222–3EA427133645}"=–

[–HKEY_CLASSES_ROOT\CLSID\{1FABC9A7–B578–4BC8–9FB3–40A077070E24}]
[–HKEY_CLASSES_ROOT\CLSID\{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}]
[–HKEY_CLASSES_ROOT\CLSID\{AB00C789–BEB9–478F–9222–3EA427133645}]
[–HKEY_CLASSES_ROOT\CLSID\{5E2121EE–0300–11D4–8D3B–444553540000}]

Zapisujesz jako fix.reg

Te wszystkie pliki wyglądają na takie co to do usunięcia sa,

C:\WINDOWS\SYSTEM32\
ajtiveds.dll Sat 2005–11–05 13:32:02 ..S.R 236 871 231,32 K
aza2l1~1.dll Sat 2005–11–05 20:18:22 ..S.R 234 181 228,69 K
(...)
2005–10–29 11:40 Microsoft
2001–10–26 18:29 162782 nlsmon.exe
2001–10–26 18:29 69716 winsecurity.exe

Wg schematu napisz sobie skrypcik, ktorego wykonasz w konsoli odzyskiwania.
Tego rega dodasz zaraz po tym w normalnym trybie.

oto log z tego programu :



L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"



"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY ––C––––––– BUILTIN\Administratorzy
(NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–NI) ALLOW Read BUILTIN\Uytkownicy
(ID–IO) ALLOW Read BUILTIN\Uytkownicy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–IO) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–NI) ALLOW Full access BUILTIN\Administratorzy
(ID–IO) ALLOW Full access BUILTIN\Administratorzy
(ID–NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access TWRCA–WACICIEL


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5F824966–689A–DEEB–0E40–35A1F4238863}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613–0000–0000–C000–000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597–26d3–11d1–b350–080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40–9550–11CE–99D2–00AA006E086C}"="Strona zabezpiecze NTFS"
"{3EA48300–8CF6–101B–84FB–666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20–7c17–11ce–a804–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{41E300E0–78B6–11ce–849B–444553540000}"="PlusPack CPL Extension"
"{42071712–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770–369C–11d0–8922–00A024AB2DBB}"="Strona zabezpiecze usˆugi DS"
"{513D916F–2A8E–4F51–AEAB–0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100–C0CD–101B–81E2–00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400–57FF–11CE–BD94–0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990–f85c–11ce–aff7–00aa003ca9f6}"="Rozszerzenia powˆoki dla obiektw Microsoft Windows Network"
"{5DB2625A–54DF–11D0–B6C4–0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E–4C4D–11D0–B6C1–0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1–F219–11ce–972D–00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plikw"
"{77597368–7b15–11d0–a0c2–080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573–EC89–11cf–9C00–00AA00A14F56}"="Disk Quota UI"
"{853FE2B1–B769–11d0–9C4E–00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920–42A0–1069–A2E4–08002B30309D}"="Aktwka"
"{88895560–9AA2–1069–930E–00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380–8CA2–1069–AB1D–08000948F534}"="Fonts"
"{DBCE2480–C732–101B–BE72–BA78E9AD5B27}"="Profil ICC"
"{F37C5810–4D3F–11d0–B4BF–00AA00BBB723}"="Strona zabezpiecze drukarek"
"{f81e9010–6ea4–11ce–a7ff–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{f92e8c40–3d33–11d2–b1aa–080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7–3202–11D1–AAD2–00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0–F557–101A–88EC–00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736–43FD–11D1–9EFB–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A–6C50–11D1–9F1D–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa–acd6–11d2–8080–00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603–1008–4f6e–A73A–04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3–b28a–4919–a5aa–73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790–D56E–4445–850E–4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514–6C5E–4d60–8F16–D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5–953B–11CF–8C96–00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skryptw systemu Windows"
"{2206CDB2–19C1–11D1–89E0–00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0–9EEF–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90–9EDD–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990–4C6A–11CF–8D87–00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA–FF21–4412–828E–260A8728E7F1}"="Pasek zada i menu Start"
"{2559a1f0–21d7–11d4–bdaf–00c04f60b9f0}"="Wyszukaj"
"{2559a1f1–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3–21d7–11d4–bdaf–00c04f60b9f0}"="Uruchom..."
"{2559a1f4–21d7–11d4–bdaf–00c04f60b9f0}"="Internet"
"{2559a1f5–21d7–11d4–bdaf–00c04f60b9f0}"="E–mail"
"{D20EA4E1–3957–11d2–A40B–0C5020524152}"="Czcionki"
"{D20EA4E1–3957–11d2–A40B–0C5020524153}"="Narzdzia administracyjne"
"{875CB1A1–0F29–45de–A1AE–CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757–D6E4–4b49–BB41–0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D–D390–480b–92FD–7DDB47101D71}"="Wav Properties Handler"
"{87D62D94–71B3–4b9a–9489–5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45–6E44–43f9–8644–08598F5A74D9}"="Midi Properties Handler"
"{c5a40261–cd64–4ccf–84cb–c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780–7743–11CF–A12B–00AA004AE837}"="Pasek narzdzi programu Microsoft Internet"
"{22BF0C20–6DA7–11D0–B373–00A0C9034938}"="Stan pobierania"
"{91EA3F8B–C99B–11d0–9815–00C04FD91972}"="Folder powˆoki zwikszonej"
"{6413BA2C–B461–11d1–A18A–080036B11A03}"="Folder powˆoki zwikszonej 2"
"{F61FFEC1–754F–11d0–80CA–00AA005B4383}"="BandProxy"
"{7BA4C742–9E81–11CF–99D3–00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401–6A81–11d0–8274–00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183–48a0–441b–a342–7c2a440a9478}"="Pasek multimediw"
"{169A0691–8DF9–11d1–A1C4–00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131–AF23–11d1–9111–00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510–F982–11d0–8595–00AA004CD6D8}"="Narzdzie opcji drzewa rejestru"
"{01E04581–4EEE–11d0–BFE9–00AA005B4383}"="&Adres"
"{A08C11D2–A228–11d0–825B–00AA005B4383}"="Pole edycji adresu"
"{00BB2763–6A77–11D0–A535–00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660–C583–11d0–A3A5–00C04FD706EC}"="Wyodrbnianie obrazw Trident"
"{6756A641–DE71–11d0–831B–00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93–21E8–4ccc–BEB9–9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215–fa25–46bd–a339–34a2790f3cb7}"="Dostpny"
"{acf35015–526e–4230–9596–becbe19f0ac9}"="Pasek podrczny ˜ledzenia"
"{E0E11A09–5CB8–4B6C–8332–E00720A168F2}"="Analizator paska adresu"
"{00BB2764–6A77–11D0–A535–00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1–A186–11D0–824A–00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765–6A77–11D0–A535–00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E–521C–11D0–B792–00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41–5C85–11d0–9796–00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C–521C–11D0–B792–00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D–521C–11D0–B792–00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04–FEFF–11d1–8ECD–0000F87A470C}"="Pomoc dla uytkownika"
"{EF8AD2D1–AE36–11D1–B2D2–006097DF8C11}"="Globalne ustawienia folderw"
"{EFA24E61–B078–11d0–89E4–00C04FC9E26E}"="Favorites Band"
"{0A89A860–D7B1–11CE–8350–444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40–E76A–11CE–A9BB–00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A–8849–11D1–9D8C–00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40–E3F0–101B–8488–00AA003E56F8}"="InternetShortcut"
"{3C374A40–BAE4–11CF–BF7D–00AA006946EE}"="Microsoft Url History Service"
"{FF393560–C2A7–11CF–BFF4–444553540000}"="Historia"
"{7BD29E00–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00–17A6–11D0–99CB–00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40–CC59–11d0–A3A5–00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0–CCEF–11d0–8024–00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951–7F78–11D0–A979–00C04FD705A2}"="ISFBand OC"
"{3DC7A020–0ACD–11CF–A9BB–00AA004AE837}"="Internet"
"{871C5380–42A0–1069–A2EA–08002B30309D}"="Internet Name Space"
"{EFA24E64–B078–11d0–89E4–00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{9E56BE61–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{88C6C381–2E85–11D0–94DE–444553540000}"="Folder pamici podrcznej ActiveX"
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"="WebCheck"
"{ABBE31D0–6DAE–11D0–BECA–00C04FD940BE}"="Subscription Mgr"
"{F5175861–2688–11d0–9C5E–00AA00A45957}"="Folder subskrypcji"
"{08165EA0–E946–11CF–9C87–00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6–ABCE–11d0–BC4B–00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0–6B4E–11d0–92DB–00A0C90C2BD7}"="TrayAgent"
"{7D559C10–9FE9–11d0–93F7–00AA0059CE02}"="Code Download Agent"
"{E6CC6978–6B6E–11D0–BECA–00C04FD940BE}"="ConnectionAgent"
"{D8BD2030–6FC9–11D0–864F–00AA006809D9}"="PostAgent"
"{7FC0B86E–5FA7–11d1–BC7C–00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7–8B9A–11D1–B8AE–006008059382}"="Meneder aplikacji powˆoki"
"{0B124F8F–91F0–11D1–B8B5–006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0–A282–11D1–9082–006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c–1d6a–45f6–b725–cb260c236066}"="Shell Image Verbs"
"{66e4e4fb–f385–4dd0–8d74–a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968–480A–4C6C–862D–EFC0897BB84B}"="GDI+program wyodrbniajĄcy miniatury plikw"
"{9DBD2C50–62AD–11d0–B806–00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0–9550–11cf–8C16–00805F1408F3}"="Wyodrbnianie miniatur HTML"
"{eb9b1153–3b57–4e68–959a–a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB–43F6–46c5–9619–51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8–751a–4579–a266–d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c–76a5–4b6c–bf21–45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272–9240–4f51–b6d4–fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD–5403–11d2–8785–2E0420524153}"="Konta uytkownikw"
"{BD472F60–27FA–11cf–B8B4–444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60–FC0A–11CF–8F0F–00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0–9cc8–11d0–a599–00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0–9cc8–11d0–a599–00c04fd64434}"="Skrt kanaˆu"
"{f3ba0dc0–9cc8–11d0–a599–00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0–9cc8–11d0–a599–00c04fd64437}"="Channel Menu"
"{f3ea0dc0–9cc8–11d0–a599–00c04fd64438}"="Channel Properties"
"{63da6ec0–2e98–11cf–8d82–444553540000}"="FTP Folders Webview"
"{883373C3–BF89–11D1–BE35–080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE–901A–4739–A481–E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210–FD1F–4B19–91DA–67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC–4362–4A12–850B–86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57–2567–4A2C–B881–F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC–BBB3–4D9B–B177–82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E–31C2–11d0–891C–00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0–6E0F–11d2–9601–00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20–2ABC–11d0–88F0–00A024AB2DBB}"="Directory Object Find"
"{F020E586–5264–11d1–A532–0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530–764B–11d0–A1CA–00AA00C16E65}"="Directory Property UI"
"{62AE1F9A–126A–11D0–A14B–0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33–103D–11d2–854D–006008059367}"="MyDocs Copy Hook"
"{ECF03A32–103D–11d2–854D–006008059367}"="MyDocs Drop Target"
"{4a7ded0a–ad25–11d0–98a8–0800361b1103}"="MyDocs Properties"
"{750fdf0e–2a26–11d1–a3ea–080036587f03}"="Offline Files Menu"
"{10CFC467–4392–11d2–8DB4–00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70–2A4C–11d2–9039–00C04F8EEB3E}"="Folder plikw trybu offline"
"{143A62C8–C33B–11D1–84FE–00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543–45CC–11CE–B9BF–0080C87CDBA6}"="DfsShell"
"{60fd46de–f830–4894–a628–6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8–8005–11D2–BCF8–00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0–9F37–11CE–AE65–08002B2E1262}"=".CAB file viewer"
"{32714800–2E5F–11d0–8B85–00AA0044F941}"="&Do osb..."
"{8DD448E6–C188–4aed–AF92–44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1–02AE–4a5f–A6E9–D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F–E9DC–4e68–9D7E–42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949–8F65–4355–8456–263E7C208A5D}"="Eksplorator pulpitw"
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}"="WinRAR shell extension"
"{5E2121EE–0300–11D4–8D3B–444553540000}"="st"
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}"=""
"{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}"=""
"{AB00C789–BEB9–478F–9222–3EA427133645}"=""
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}"="Shell Extensions for RealOne Player"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FABC9A7–B578–4BC8–9FB3–40A077070E24}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{1FABC9A7–B578–4BC8–9FB3–40A077070E24}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FABC9A7–B578–4BC8–9FB3–40A077070E24}\Implemented Categories\{00021492–0000–0000–C000–000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FABC9A7–B578–4BC8–9FB3–40A077070E24}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJCUIA32.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}\Implemented Categories\{00021492–0000–0000–C000–000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}\InprocServer32]
@="C:\\WINDOWS\\system32\\bRtmeter.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AB00C789–BEB9–478F–9222–3EA427133645}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AB00C789–BEB9–478F–9222–3EA427133645}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AB00C789–BEB9–478F–9222–3EA427133645}\Implemented Categories\{00021492–0000–0000–C000–000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AB00C789–BEB9–478F–9222–3EA427133645}\InprocServer32]
@="C:\\WINDOWS\\system32\\vhoy.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ajtiveds.dll Sat 2005–11–05 13:32:02 ..S.R 236 871 231,32 K
aza2l1~1.dll Sat 2005–11–05 20:18:22 ..S.R 234 181 228,69 K
brtmeter.dll Sun 2005–11–06 13:44:04 ..S.R 235 859 230,33 K
duquery.dll Sat 2005–11–05 22:01:16 ..S.R 234 181 228,69 K
dytaclen.dll Sun 2005–11–06 8:03:10 ..S.R 234 181 228,69 K
dzsetup.dll Fri 2005–11–04 18:08:22 ..S.R 235 883 230,35 K
e4jm0e~1.dll Sat 2005–11–05 13:13:38 ..S.R 233 797 228,32 K
en42l1~1.dll Sat 2005–11–05 13:32:02 ..S.R 233 868 228,39 K
eysvc.dll Fri 2005–11–11 20:36:54 ..S.R 235 029 229,52 K
gp20l3~1.dll Sat 2005–11–05 13:55:22 ..S.R 236 871 231,32 K
hrl005~1.dll Fri 2005–11–04 15:09:08 ..S.R 236 250 230,71 K
hrpu05~1.dll Sun 2005–11–06 8:25:02 ..... 235 156 229,64 K
i4lo0e~1.dll Sat 2005–11–05 15:39:32 ..S.R 236 871 231,32 K
icagx7.dll Sat 2005–11–05 12:31:56 ..S.R 235 883 230,35 K
iptteh~1.dll Mon 2005–10–31 8:47:40 A.... 6 656 6,50 K
irrml5~1.dll Sun 2005–11–06 13:44:08 ..S.R 236 457 230,91 K
iyetcfg.dll Sat 2005–11–05 8:55:00 ..S.R 235 883 230,35 K
iysrecst.dll Tue 2005–11–08 18:13:02 ..S.R 235 029 229,52 K
jtl007~1.dll Sat 2005–11–05 12:32:00 ..S.R 236 856 231,30 K
k0jsla~1.dll Sat 2005–11–05 21:45:08 ..S.R 234 732 229,23 K
kgdsp.dll Sat 2005–11–05 13:34:22 ..S.R 236 871 231,32 K
kmdusx.dll Sat 2005–11–05 10:22:30 ..S.R 235 883 230,35 K
lncmgr10.dll Sat 2005–11–12 10:01:56 ..S.R 235 029 229,52 K
mexbde40.dll Sun 2005–11–06 12:50:26 ..S.R 234 181 228,69 K
mqmtapi.dll Thu 2005–11–10 12:28:50 ..S.R 235 029 229,52 K
mv8ml9~1.dll Sat 2005–11–05 13:32:12 ..S.R 234 170 228,68 K
mwc42loc.dll Mon 2005–11–07 11:21:26 ..S.R 235 029 229,52 K
neinstnt.dll Fri 2005–11–04 22:56:08 ..S.R 237 136 231,58 K
njrsar.dll Mon 2005–11–07 13:18:30 ..S.R 235 029 229,52 K
nlrszhc.dll Tue 2005–11–08 17:23:58 ..S.R 235 029 229,52 K
nptshell.dll Tue 2005–11–08 21:02:30 ..S.R 235 029 229,52 K
nttapi32.dll Sun 2005–11–06 8:25:02 ..S.R 234 181 228,69 K
nzmctray.dll Thu 2005–11–10 16:59:58 ..S.R 235 029 229,52 K
ozbccr32.dll Fri 2005–11–04 15:55:14 ..S.R 235 883 230,35 K
p6p6lg~1.dll Sat 2005–11–05 17:02:10 ..S.R 235 952 230,42 K
plh.dll Sat 2005–11–05 13:30:08 ..S.R 236 871 231,32 K
ps.dll Mon 2005–11–07 7:51:06 ..S.R 235 029 229,52 K
px.dll Wed 2005–09–14 20:17:44 ..... 462 848 452,00 K
pxdrv.dll Wed 2005–09–14 20:17:44 ..... 319 488 312,00 K
pxmas.dll Wed 2005–09–14 20:17:44 ..... 143 360 140,00 K
pxwave.dll Wed 2005–09–14 20:17:44 ..... 286 720 280,00 K
qfartz.dll Fri 2005–11–11 19:04:16 ..S.R 235 029 229,52 K
s2rs0c~1.dll Fri 2005–11–04 23:13:08 ..S.R 237 136 231,58 K
sclunirl.dll Wed 2005–11–09 14:13:26 ..S.R 235 029 229,52 K
sfc_os.dll Thu 2005–11–03 8:17:32 A.... 133 120 130,00 K
szgtab.dll Sun 2005–11–06 11:20:32 ..S.R 235 770 230,24 K
tlpmib.dll Mon 2005–11–07 15:15:52 ..S.R 235 029 229,52 K
vhoy.dll Sun 2005–11–06 15:14:42 ..S.R 235 029 229,52 K
vxblock.dll Wed 2005–09–14 20:17:44 ..... 28 672 28,00 K
vzs_ps.dll Sat 2005–11–05 21:53:16 ..S.R 234 181 228,69 K
wtecedit.dll Sun 2005–11–06 9:08:54 ..S.R 235 156 229,64 K
wttdecod.dll Sun 2005–11–06 11:08:50 ..S.R 234 181 228,69 K
wzpshell.dll Sat 2005–11–05 13:13:36 ..S.R 236 871 231,32 K

53 items found: 53 files (45 H/S), 0 directories.
Total of file sizes: 12 209 473 bytes 11,64 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun 2005–11–06 21:35:14 ..S.R 235 029 229,52 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 235 029 bytes 229,52 K
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C to WINDOWS
Numer seryjny woluminu: A4A7–CB01

Katalog: C:\WINDOWS\System32

2005–11–12 10:01 235029 lncmgr10.dll
2005–11–11 20:36 235029 eysvc.dll
2005–11–11 19:04 235029 qfartz.dll
2005–11–10 16:59 235029 nzmctray.dll
2005–11–10 12:28 235029 mqmtapi.dll
2005–11–09 14:13 235029 sclunirl.dll
2005–11–08 21:02 235029 nptshell.dll
2005–11–08 18:13 235029 iYsrecst.dll
2005–11–08 17:23 235029 nlrszhc.dll
2005–11–07 15:15 235029 tlpmib.dll
2005–11–07 13:18 235029 njrsar.dll
2005–11–07 11:21 235029 mwc42loc.dll
2005–11–07 07:51 235029 ps.dll
2005–11–06 21:35 235029 guard.tmp
2005–11–06 15:14 235029 vhoy.dll
2005–11–06 13:44 236457 irrml5911.dll
2005–11–06 13:44 235859 bRtmeter.dll
2005–11–06 12:50 234181 mexbde40.dll
2005–11–06 11:20 235770 szgtab.dll
2005–11–06 11:08 234181 wttdecod.dll
2005–11–06 09:08 235156 wtecedit.dll
2005–11–06 08:25 234181 nttapi32.dll
2005–11–06 08:03 234181 dYtaclen.dll
2005–11–05 22:01 234181 duquery.dll
2005–11–05 21:53 234181 vzs_ps.dll
2005–11–05 21:45 234732 k0jsla171d.dll
2005–11–05 20:18 234181 aza2l1ho1.dll
2005–11–05 17:02 235952 p6p6lg7s16.dll
2005–11–05 15:39 236871 i4lo0e33eh.dll
2005–11–05 13:55 236871 gp20l3fm1.dll
2005–11–05 13:34 236871 kgdsp.dll
2005–11–05 13:32 234170 mv8ml9l11.dll
2005–11–05 13:32 236871 ajtiveds.dll
2005–11–05 13:32 233868 en42l1ho1.dll
2005–11–05 13:30 236871 plh.dll
2005–11–05 13:13 233797 e4jm0e11eh.dll
2005–11–05 13:13 236871 wzpshell.dll
2005–11–05 12:31 236856 jtl0073me.dll
2005–11–05 12:31 235883 IcagX7.dll
2005–11–05 10:22 235883 kmdusx.dll
2005–11–05 08:54 235883 iyetcfg.dll
2005–11–04 23:13 237136 s2rs0c97ef.dll
2005–11–04 22:56 237136 neinstnt.dll
2005–11–04 18:08 235883 dzsetup.dll
2005–11–04 15:55 235883 ozbccr32.dll
2005–11–04 15:52 dllcache
2005–11–04 15:09 236250 hrl0053me.dll
2005–10–29 11:40 Microsoft
2001–10–26 18:29 162782 nlsmon.exe
2001–10–26 18:29 69716 winsecurity.exe
48 plik(w) 11060980 bajtw
2 katalog(w) 3899609088 bajtw wolnych

Badziew nadal sobie siedzi:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJCUIA32.DLL" [file not found]
"{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bRtmeter.dll" [null data]
"{AB00C789–BEB9–478F–9222–3EA427133645}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vhoy.dll" [null data]

Sciągnij sobie L2MFix w moźliwie najnowszej wersji i zapodaj log z opcji 1.
Wyłacz przywracanie systemu.

strony dalej wyskakuja :D co dalej poczac ?

oto log z silenta po usunieciu piodanych przez ciebie kluczy:


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Programy\Spybot – Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Gadu–Gadu" = ""D:\Programy\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"Winamp Control" = "D:\Program Files\control winamp\WCtrl.exe" ["Krzysztof Mortka / kRk Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"zBrowser Launcher" = "D:\Programy\Logitech\iTouch\iTouch.exe" ["Logitech Inc. "]
"EM_EXEC" = "D:\Programy\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"SunJavaUpdateSched" = "D:\Programy\Java\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NetPanel" = ""D:\Programy\NetPanel\Starter.exe" /path="D:\Programy\NetPanel"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\WINDOWS\system32\qttask.exe" –atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJCUIA32.DLL" [file not found]
"{AF620A0A–833E–457D–B4BA–E76F9F8A7FBE}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bRtmeter.dll" [null data]
"{AB00C789–BEB9–478F–9222–3EA427133645}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vhoy.dll" [null data]
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
–> {CLSID}\InProcServer32\(Default) = "F:\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "GAZORMISTRZ" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"22M WLAN Adapter" –> shortcut to: "D:\Programy\wlan\WLANMON.exe" [empty string]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}" = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\FlashGet\fgiebar.dll" ["Amaze Soft"]

"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\Java\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]

{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\Programy\FlashGet\flashget.exe" ["Amaze Soft"]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


Keyboard Driver Filters:
––––––––––––––––––––––––

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B–E325–11CE–BFC1–08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 34 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 20 seconds.
–––––––––– (total run time: 93 seconds)

W tym temacie: http://forum.centrumxp.pl/viewtopic.php?p=250485 napisałem Ci juz co naleźy usnąc.
Sciągnij sbie Pocket Killbox, powklejaj ścieźki do tych plików z zaznaczonym "delete on reboot".
Restart wykonaj dopiero po wklejeniu i potwierdzeniu usunięcia wszystkich plików.
Nie wykluczone, źe od tamtego czasu pliki mogły się rozmnozyć i pozamieniać nazwy.

te wpisy nie maja nic wspolengo z wyskakiwaniem stron yyy cos tam i popup cos tam sam je instalowalem control winamp to pasek w trayu do kontroli winampem a net panel to monitor sieci od gemiusa :D

ktore wpisy beda odpowiadac za te strony i co zrobic zeby sie nie wlaczaly:D a wlaczaja sie takie :
http://www.jamster.com/s/jiw/html/affiliate/om/us/buy_this_real_tone/index.htm?tduid=fc6df9c0ada002bc9dee35d763
http://www.spotresults.com/cgi–bin/search.cgi?keywords=small+home+based+business+opportunity#250580&ID={5F824966–689A–DEEB–0E40–35A1F4238863}
http://www.shop–savings.com/normal/yyy102.html
http://www.free–savings.com/normal/yyy102.html
http://www.starware.com/2.0.0.0/landing/weather/weather_01.php?banner=w0001&aff_id=weatherazoogle
http://a.as–us.falkag.net/dat/dlv/aslframe.html?dat=121913&kid=0&xl=0&yl=0&mod=111
http://www214.paypopup.com/links.php?data=rSe_2%2F%FE%2B%2B%277%7C%2F.%2B%24S%5C77sX%5CfZUKj_%FEq_ZcY%3B%7B%2B1–0%F3lcY%3B%FE%29–%260%23%2B1%294&serverfile=popdirect&id=BundleWare&subid=23782&tid=1131293746&clater=&m=50&o=1&c=1&a=32767&q=6&s=%3C%3D&ah=10&al=0&l=english&campaign=&rurl=&defurl=
http://www.accoona.com/?utm_id=300060&utm_source=tkc&utm_medium=redir&utm_campaign=tkc0905
http://www.deal–nation.com/normal/yyy102.html
http://www211.paypopup.com/links.php?data=rSe_2%2F%FE%2B%2B%277%7D%2A–%27%24S%5C77sX%5CfZUKj_%FEq_ZcY%3B%7B%2B1–0%F3lcY%3B%FE%29–%260%23%2C%2C%280&serverfile=popdirect&id=BundleWare&subid=23782&tid=1131294232&clater=&m=50&o=1&c=1&a=32767&q=6&s=%3C%3D&ah=10&al=0&l=english&campaign=&rurl=&defurl=

co zrobic ??

Ja bym zwrócił uwage na te wpisy:

D:\Programy\NetPanel\NetPanel.exe

O4 – HKLM\..\Run: [NetPanel] "D:\Programy\NetPanel\Starter.exe" /path="D:\Programy\NetPanel"

O4 – HKCU\..\Run: [Winamp Control] D:\Program Files\control winamp\WCtrl.exe