Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware Problem - please help[resolved]


  • This topic is locked This topic is locked

#1
Pistons

Pistons

    Member

  • Member
  • PipPip
  • 19 posts
Hello all!
Please help me to get rid of those annoying parasites and popups.
Can anyone take a look on this LOG and tell me what to do next?
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:19:33, on 2005-02-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Lhc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\appsetup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Skrˇt do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKLM\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKLM\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKLM\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKLM\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKLM\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKLM\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKLM\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKLM\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKLM\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKLM\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKLM\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKLM\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKLM\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKLM\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKLM\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKLM\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKLM\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKLM\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKLM\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKLM\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKLM\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKLM\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKLM\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKLM\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKLM\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKLM\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKLM\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKLM\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKLM\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKLM\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKLM\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKLM\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKLM\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKLM\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKLM\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKLM\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKLM\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKLM\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKLM\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKLM\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKLM\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKLM\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\System32\Eff.exe
O4 - HKLM\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKLM\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKLM\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKLM\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKLM\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKLM\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKLM\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKLM\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKLM\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKLM\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKLM\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKLM\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKLM\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKLM\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKLM\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKLM\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKLM\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKLM\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKLM\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKLM\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKLM\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKLM\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKLM\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKLM\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKLM\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKLM\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKLM\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKLM\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKLM\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKLM\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKCU\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKCU\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKCU\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKCU\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKCU\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKCU\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKCU\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKCU\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKCU\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKCU\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKCU\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKCU\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKCU\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKCU\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKCU\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKCU\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKCU\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKCU\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKCU\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKCU\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKCU\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKCU\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKCU\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKCU\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKCU\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKCU\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKCU\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKCU\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKCU\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKCU\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKCU\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKCU\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKCU\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKCU\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKCU\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKCU\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKCU\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKCU\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKCU\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKCU\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKCU\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKCU\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKCU\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKCU\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKCU\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKCU\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKCU\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKCU\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKCU\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKCU\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKCU\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKCU\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKCU\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKCU\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKCU\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKCU\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKCU\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKCU\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKCU\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKCU\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKCU\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKCU\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKCU\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKCU\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKCU\..\Run: [Sim] C:\WINDOWS\System32\Eff.exe
O4 - HKCU\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKCU\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKCU\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKCU\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKCU\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKCU\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKCU\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKCU\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKCU\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKCU\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKCU\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKCU\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKCU\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKCU\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKCU\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKCU\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKCU\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKCU\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKCU\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKCU\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKCU\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKCU\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKCU\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKCU\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKCU\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKCU\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKCU\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKCU\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKCU\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKCU\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKCU\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKCU\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKCU\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKCU\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKCU\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKCU\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103734827958
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\m0nq0a55ed.dll
O21 - SSODL: QgRar - {681EE585-C2B4-4F2F-1011-511A7DA57594} - C:\WINDOWS\System32\yn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
anyone can take a look?
please...
  • 0

#3
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
ok, I did some cleaning on my own and recived this log now:
Logfile of HijackThis v1.99.1
Scan saved at 18:08:41, on 2005-02-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Lhc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Skrˇt do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKLM\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKLM\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKLM\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKLM\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKLM\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKLM\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKLM\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKLM\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKLM\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKLM\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKLM\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKLM\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKLM\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKLM\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKLM\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKLM\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKLM\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKLM\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKLM\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKLM\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKLM\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKLM\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKLM\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKLM\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKLM\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKLM\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKLM\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKLM\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKLM\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKLM\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKLM\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKLM\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKLM\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKLM\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKLM\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKLM\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKLM\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKLM\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKLM\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKLM\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKLM\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKLM\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKLM\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKLM\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKLM\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKLM\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKLM\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKLM\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKLM\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKLM\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKLM\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKLM\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKLM\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKLM\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKLM\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKLM\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKLM\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKLM\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKLM\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKLM\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKLM\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKLM\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKLM\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKLM\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKLM\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKLM\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKLM\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKLM\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKLM\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKLM\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKLM\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKLM\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKLM\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKLM\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKLM\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKLM\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKLM\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKLM\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKLM\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKLM\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKLM\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKLM\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKCU\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKCU\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKCU\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKCU\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKCU\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKCU\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKCU\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKCU\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKCU\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKCU\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKCU\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKCU\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKCU\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKCU\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKCU\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKCU\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKCU\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKCU\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKCU\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKCU\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKCU\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKCU\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKCU\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKCU\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKCU\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKCU\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKCU\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKCU\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKCU\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKCU\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKCU\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKCU\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKCU\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKCU\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKCU\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKCU\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKCU\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKCU\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKCU\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKCU\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKCU\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKCU\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKCU\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKCU\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKCU\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKCU\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKCU\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKCU\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKCU\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKCU\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKCU\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKCU\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKCU\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKCU\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKCU\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKCU\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKCU\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKCU\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKCU\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKCU\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKCU\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKCU\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKCU\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKCU\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKCU\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKCU\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKCU\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKCU\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKCU\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKCU\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKCU\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKCU\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKCU\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKCU\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKCU\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKCU\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKCU\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKCU\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKCU\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKCU\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKCU\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKCU\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKCU\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKCU\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKCU\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKCU\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKCU\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKCU\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKCU\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKCU\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKCU\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKCU\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKCU\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKCU\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKCU\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKCU\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKCU\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKCU\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKCU\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKCU\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKCU\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKCU\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKCU\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKCU\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKCU\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKCU\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKCU\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKCU\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKCU\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKCU\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103734827958
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\q468leju1ho8.dll
O21 - SSODL: QgRar - {681EE585-C2B4-4F2F-1011-511A7DA57594} - C:\WINDOWS\System32\yn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Can you take a look and tell me what is wrong with it?
Anyone?
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

Welcome to geekstogo ;)

You need the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Kc :tazz:
  • 0

#5
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks ThatMan for your time and help!
This board is my last hope so I hope :tazz:

This is the log:

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\q468leju1ho8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CB351729-79E1-4126-96A8-CB55C90CEC1A}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udostępniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udostępniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadań i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narzędzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narzędzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwiększonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwiększonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narzędzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodrębnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dostępny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podręczny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pamięci podręcznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodrębniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodrębnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Foldery w sieci Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}"=""
"{934AF93A-07C7-4010-A33E-66765E028946}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxcsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{934AF93A-07C7-4010-A33E-66765E028946}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{934AF93A-07C7-4010-A33E-66765E028946}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{934AF93A-07C7-4010-A33E-66765E028946}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{934AF93A-07C7-4010-A33E-66765E028946}\InprocServer32]
@="C:\\WINDOWS\\system32\\qidwipes.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Thu 2005-01-13 17:12:28 A.... 43 520 42,50 K
dsmana~1.dll Sun 2005-02-27 23:19:58 A.... 26 112 25,50 K
enj4l1~1.dll Mon 2005-02-28 18:04:52 ..S.R 231 710 226,28 K
gpn2l3~1.dll Mon 2005-02-28 17:56:16 ..S.R 230 299 224,90 K
j66m0g~1.dll Mon 2005-02-28 16:00:16 ..S.R 230 465 225,06 K
pncrt.dll Fri 2004-12-24 0:14:40 A.... 278 528 272,00 K
pndx5016.dll Fri 2004-12-24 0:14:40 A.... 6 656 6,50 K
pndx5032.dll Fri 2004-12-24 0:14:40 A.... 5 632 5,50 K
q468le~1.dll Mon 2005-02-28 10:06:40 ..S.R 230 299 224,90 K
qidwipes.dll Mon 2005-02-28 18:04:52 ..S.R 230 299 224,90 K
rmoc3260.dll Fri 2004-12-24 0:14:44 A.... 176 167 172,04 K
s32evnt1.dll Mon 2004-12-20 18:58:18 A.... 83 664 81,70 K
skaner~1.dll Thu 2005-02-17 14:02:30 A.... 983 040 960,00 K
symneti.dll Fri 2005-01-21 22:31:54 A.... 513 752 501,71 K
symredir.dll Fri 2005-01-21 22:31:52 A.... 141 016 137,71 K
vsdata.dll Wed 2005-01-26 4:22:16 A.... 75 536 73,77 K
vsinit.dll Wed 2005-01-26 4:22:28 A.... 124 688 121,77 K
vsmonapi.dll Wed 2005-01-26 4:22:36 A.... 108 312 105,77 K
vspubapi.dll Wed 2005-01-26 4:22:40 A.... 198 424 193,77 K
vsregexp.dll Wed 2005-01-26 4:22:44 A.... 71 448 69,77 K
vsutil.dll Wed 2005-01-26 4:22:56 A.... 354 064 345,77 K
vsxml.dll Wed 2005-01-26 4:23:04 A.... 100 112 97,77 K
zlcomm.dll Wed 2005-01-26 4:23:24 A.... 75 536 73,77 K
zlcommdb.dll Wed 2005-01-26 4:23:28 A.... 67 352 65,77 K

24 items found: 24 files (5 H/S), 0 directories.
Total of file sizes: 4 586 631 bytes 4,37 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 681E-E584

Katalog: C:\WINDOWS\System32

2005-02-28 18:04 230˙299 qidwipes.dll
2005-02-28 18:04 231˙710 enj4l11q1.dll
2005-02-28 17:56 230˙299 gpn2l35o1.dll
2005-02-28 16:00 230˙465 j66m0gj1e6o.dll
2005-02-28 10:06 230˙299 q468leju1ho8.dll
2005-01-09 12:35 <DIR> dllcache
2004-12-22 17:48 <DIR> Microsoft
5 plik(˘w) 1˙153˙072 bajt˘w
2 katalog(˘w) 30˙328˙127˙488 bajt˘w wolnych


Let me know what now?
Best regards
Pistons
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Kc :tazz:

Credit: Shadowwar, OSC
  • 0

#7
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi ThatMan!

Thanks for helping me.
This is the LOG i got:

L2Mfix 1.02b

Running From:
C:\Documents and Settings\Matrix\Pulpit\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Wszyscy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Matrix\Pulpit\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Matrix\Pulpit\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 312 'explorer.exe'
Killing PID 312 'explorer.exe'
Killing PID 312 'explorer.exe'
Killing PID 312 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1836 'rundll32.exe'
Killing PID 668 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\enj4l11q1.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\gpn2l35o1.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\ilsecsnp.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\j66m0gj1e6o.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\qidwipes.dll
Liczba skopiowanych plik˘w: 1.
deleting: C:\WINDOWS\system32\enj4l11q1.dll
Successfully Deleted: C:\WINDOWS\system32\enj4l11q1.dll
deleting: C:\WINDOWS\system32\gpn2l35o1.dll
Successfully Deleted: C:\WINDOWS\system32\gpn2l35o1.dll
deleting: C:\WINDOWS\system32\ilsecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\ilsecsnp.dll
deleting: C:\WINDOWS\system32\j66m0gj1e6o.dll
Successfully Deleted: C:\WINDOWS\system32\j66m0gj1e6o.dll
deleting: C:\WINDOWS\system32\qidwipes.dll
Successfully Deleted: C:\WINDOWS\system32\qidwipes.dll

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: enj4l11q1.dll (164 bytes security) (deflated 5%)
adding: gpn2l35o1.dll (164 bytes security) (deflated 5%)
adding: ilsecsnp.dll (164 bytes security) (deflated 5%)
adding: j66m0gj1e6o.dll (164 bytes security) (deflated 5%)
adding: qidwipes.dll (164 bytes security) (deflated 5%)
adding: clear.reg (164 bytes security) (deflated 37%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: desktop.ini (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 76%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 65%)
adding: test.txt (164 bytes security) (deflated 60%)
adding: test2.txt (164 bytes security) (deflated 17%)
adding: test3.txt (164 bytes security) (deflated 17%)
adding: test5.txt (164 bytes security) (deflated 17%)
adding: xfind.txt (164 bytes security) (deflated 53%)
adding: backregs/71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235.reg (164 bytes security) (deflated 70%)
adding: backregs/934AF93A-07C7-4010-A33E-66765E028946.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: enj4l11q1.dll
deleting local copy: gpn2l35o1.dll
deleting local copy: ilsecsnp.dll
deleting local copy: j66m0gj1e6o.dll
deleting local copy: qidwipes.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\enj4l11q1.dll
C:\WINDOWS\system32\gpn2l35o1.dll
C:\WINDOWS\system32\ilsecsnp.dll
C:\WINDOWS\system32\j66m0gj1e6o.dll
C:\WINDOWS\system32\qidwipes.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}"=-
"{934AF93A-07C7-4010-A33E-66765E028946}"=-
[-HKEY_CLASSES_ROOT\CLSID\{71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235}]
[-HKEY_CLASSES_ROOT\CLSID\{934AF93A-07C7-4010-A33E-66765E028946}]
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CB351729-79E1-4126-96A8-CB55C90CEC1A}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{CB351729-79E1-4126-96A8-CB55C90CEC1A}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************



Best regards
Pistons
  • 0

#8
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
any new tips?
  • 0

#9
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

I need a new HijackThis.Log from you as stated in my last post

Kc :tazz:
  • 0

#10
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hi Pistons

I need a new HijackThis.Log from you  as stated in my last post

Kc  :tazz:

View Post


Hi ThatMan!
There is no any single word about HiJackThis.Log in your last post ;)
Anyway here it comes :thumbsup:
Thank you for helping me!

Logfile of HijackThis v1.99.1
Scan saved at 11:12:46, on 2005-03-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\Hqs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Skrˇt do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKLM\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKLM\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKLM\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKLM\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKLM\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKLM\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKLM\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKLM\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKLM\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKLM\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKLM\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKLM\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKLM\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKLM\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKLM\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKLM\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKLM\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKLM\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKLM\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKLM\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKLM\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKLM\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKLM\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKLM\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKLM\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKLM\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKLM\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKLM\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKLM\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKLM\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKLM\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKLM\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKLM\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKLM\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKLM\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKLM\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKLM\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKLM\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKLM\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKLM\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKLM\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKLM\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKLM\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKLM\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKLM\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKLM\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKLM\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKLM\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKLM\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKLM\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKLM\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKLM\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKLM\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKLM\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKLM\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKLM\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKLM\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKLM\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKLM\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKLM\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKLM\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKLM\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKLM\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKLM\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKLM\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKLM\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKLM\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKLM\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKLM\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKLM\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKLM\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKLM\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKLM\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKLM\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKLM\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKLM\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKLM\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKLM\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKLM\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKLM\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKLM\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKLM\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\Gcc.exe
O4 - HKLM\..\Run: [Ose] C:\WINDOWS\System32\Ghg.exe
O4 - HKLM\..\Run: [Gpq] C:\WINDOWS\System32\Jbv.exe
O4 - HKLM\..\Run: [Gns] C:\WINDOWS\Ibk.exe
O4 - HKLM\..\Run: [Smt] C:\WINDOWS\Fqs.exe
O4 - HKLM\..\Run: [Esg] C:\WINDOWS\System32\Fms.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Sbq.exe
O4 - HKLM\..\Run: [Ges] C:\WINDOWS\Gqb.exe
O4 - HKLM\..\Run: [Pff] C:\WINDOWS\Klb.exe
O4 - HKLM\..\Run: [Dqr] C:\WINDOWS\Tas.exe
O4 - HKLM\..\Run: [Hel] C:\WINDOWS\System32\Fge.exe
O4 - HKLM\..\Run: [Vra] C:\WINDOWS\Ajf.exe
O4 - HKLM\..\Run: [Ovu] C:\WINDOWS\System32\Aue.exe
O4 - HKLM\..\Run: [Mts] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Dgo] C:\WINDOWS\System32\Rkq.exe
O4 - HKLM\..\Run: [Qts] C:\WINDOWS\System32\Jti.exe
O4 - HKLM\..\Run: [Pdh] C:\WINDOWS\Lvv.exe
O4 - HKLM\..\Run: [Fup] C:\WINDOWS\Rci.exe
O4 - HKLM\..\Run: [Lkt] C:\WINDOWS\Aqi.exe
O4 - HKLM\..\Run: [Abc] C:\WINDOWS\Kio.exe
O4 - HKLM\..\Run: [Vcb] C:\WINDOWS\System32\Ouv.exe
O4 - HKLM\..\Run: [Hde] C:\WINDOWS\System32\Oad.exe
O4 - HKLM\..\Run: [Ils] C:\WINDOWS\Afj.exe
O4 - HKLM\..\Run: [Lgu] C:\WINDOWS\System32\Jut.exe
O4 - HKLM\..\Run: [Huj] C:\WINDOWS\Gsn.exe
O4 - HKLM\..\Run: [Pfd] C:\WINDOWS\System32\Gij.exe
O4 - HKLM\..\Run: [Rjf] C:\WINDOWS\System32\Oon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKCU\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKCU\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKCU\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKCU\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKCU\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKCU\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKCU\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKCU\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKCU\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKCU\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKCU\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKCU\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKCU\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKCU\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKCU\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKCU\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKCU\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKCU\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKCU\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKCU\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKCU\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKCU\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKCU\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKCU\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKCU\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKCU\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKCU\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKCU\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKCU\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKCU\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKCU\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKCU\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKCU\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKCU\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKCU\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKCU\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKCU\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKCU\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKCU\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKCU\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKCU\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKCU\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKCU\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKCU\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKCU\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKCU\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKCU\..\Run: [Jov] C:\WINDOWS\Ome.exe
O4 - HKCU\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKCU\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKCU\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKCU\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKCU\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKCU\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKCU\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKCU\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKCU\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKCU\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKCU\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKCU\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKCU\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKCU\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKCU\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKCU\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKCU\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKCU\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKCU\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKCU\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKCU\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKCU\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKCU\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKCU\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKCU\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKCU\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKCU\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKCU\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKCU\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKCU\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKCU\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKCU\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKCU\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKCU\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKCU\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKCU\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKCU\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKCU\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKCU\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKCU\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKCU\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKCU\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKCU\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKCU\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKCU\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKCU\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKCU\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKCU\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKCU\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKCU\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKCU\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKCU\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKCU\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKCU\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKCU\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKCU\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKCU\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKCU\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKCU\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKCU\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKCU\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKCU\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKCU\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\Gcc.exe
O4 - HKCU\..\Run: [Ose] C:\WINDOWS\System32\Ghg.exe
O4 - HKCU\..\Run: [Gpq] C:\WINDOWS\System32\Jbv.exe
O4 - HKCU\..\Run: [Gns] C:\WINDOWS\Ibk.exe
O4 - HKCU\..\Run: [Smt] C:\WINDOWS\Fqs.exe
O4 - HKCU\..\Run: [Esg] C:\WINDOWS\System32\Fms.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Sbq.exe
O4 - HKCU\..\Run: [Ges] C:\WINDOWS\Gqb.exe
O4 - HKCU\..\Run: [Pff] C:\WINDOWS\Klb.exe
O4 - HKCU\..\Run: [Dqr] C:\WINDOWS\Tas.exe
O4 - HKCU\..\Run: [Hel] C:\WINDOWS\System32\Fge.exe
O4 - HKCU\..\Run: [Vra] C:\WINDOWS\Ajf.exe
O4 - HKCU\..\Run: [Ovu] C:\WINDOWS\System32\Aue.exe
O4 - HKCU\..\Run: [Mts] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Dgo] C:\WINDOWS\System32\Rkq.exe
O4 - HKCU\..\Run: [Qts] C:\WINDOWS\System32\Jti.exe
O4 - HKCU\..\Run: [Pdh] C:\WINDOWS\Lvv.exe
O4 - HKCU\..\Run: [Fup] C:\WINDOWS\Rci.exe
O4 - HKCU\..\Run: [Lkt] C:\WINDOWS\Aqi.exe
O4 - HKCU\..\Run: [Abc] C:\WINDOWS\Kio.exe
O4 - HKCU\..\Run: [Vcb] C:\WINDOWS\System32\Ouv.exe
O4 - HKCU\..\Run: [Hde] C:\WINDOWS\System32\Oad.exe
O4 - HKCU\..\Run: [Ils] C:\WINDOWS\Afj.exe
O4 - HKCU\..\Run: [Lgu] C:\WINDOWS\System32\Jut.exe
O4 - HKCU\..\Run: [Huj] C:\WINDOWS\Gsn.exe
O4 - HKCU\..\Run: [Pfd] C:\WINDOWS\System32\Gij.exe
O4 - HKCU\..\Run: [Rjf] C:\WINDOWS\System32\Oon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103734827958
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...432/mcfscan.cab
O21 - SSODL: QgRar - {681EE585-C2B4-4F2F-1011-511A7DA57594} - C:\WINDOWS\System32\yn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

From the xxxxxx folder on your desktop, double click xxxxxx and select option xx for Run Fix by typing x and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

Kc :tazz:
  • 0

#12
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

We need to do a rerun.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Kc :tazz:
  • 0

#13
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi ThatMan!

Here is the new log:

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udostępniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udostępniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadań i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narzędzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narzędzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwiększonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwiększonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narzędzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodrębnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dostępny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podręczny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pamięci podręcznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodrębniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodrębnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Foldery w sieci Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Thu 2005-01-13 17:12:28 A.... 43 520 42,50 K
dsmana~1.dll Sun 2005-02-27 23:19:58 A.... 26 112 25,50 K
pncrt.dll Fri 2004-12-24 0:14:40 A.... 278 528 272,00 K
pndx5016.dll Fri 2004-12-24 0:14:40 A.... 6 656 6,50 K
pndx5032.dll Fri 2004-12-24 0:14:40 A.... 5 632 5,50 K
rmoc3260.dll Fri 2004-12-24 0:14:44 A.... 176 167 172,04 K
s32evnt1.dll Mon 2004-12-20 18:58:18 A.... 83 664 81,70 K
skaner~1.dll Thu 2005-02-17 14:02:30 A.... 983 040 960,00 K
symneti.dll Fri 2005-01-21 22:31:54 A.... 513 752 501,71 K
symredir.dll Fri 2005-01-21 22:31:52 A.... 141 016 137,71 K
vsdata.dll Wed 2005-01-26 4:22:16 A.... 75 536 73,77 K
vsinit.dll Wed 2005-01-26 4:22:28 A.... 124 688 121,77 K
vsmonapi.dll Wed 2005-01-26 4:22:36 A.... 108 312 105,77 K
vspubapi.dll Wed 2005-01-26 4:22:40 A.... 198 424 193,77 K
vsregexp.dll Wed 2005-01-26 4:22:44 A.... 71 448 69,77 K
vsutil.dll Wed 2005-01-26 4:22:56 A.... 354 064 345,77 K
vsxml.dll Wed 2005-01-26 4:23:04 A.... 100 112 97,77 K
zlcomm.dll Wed 2005-01-26 4:23:24 A.... 75 536 73,77 K
zlcommdb.dll Wed 2005-01-26 4:23:28 A.... 67 352 65,77 K

19 items found: 19 files, 0 directories.
Total of file sizes: 3 433 559 bytes 3,27 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 681E-E584

Katalog: C:\WINDOWS\System32

2005-01-09 12:35 <DIR> dllcache
2004-12-22 17:48 <DIR> Microsoft
0 plik(˘w) 0 bajt˘w
2 katalog(˘w) 29˙753˙229˙312 bajt˘w wolnych
  • 0

#14
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Pistons

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Kc :tazz:

Credit: Shadowwar, OSC
  • 0

#15
Pistons

Pistons

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi ThatMan!
here it goes master!

L2Mfix 1.02b

Running From:
C:\Documents and Settings\Matrix\Pulpit\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Wszyscy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Matrix\Pulpit\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Matrix\Pulpit\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 392 'explorer.exe'
Killing PID 392 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (164 bytes security) (deflated 2%)
updating: echo.reg (164 bytes security) (deflated 9%)
updating: direct.txt (164 bytes security) (stored 0%)
updating: lo2.txt (164 bytes security) (deflated 72%)
updating: readme.txt (164 bytes security) (deflated 49%)
updating: report.txt (164 bytes security) (deflated 63%)
updating: test.txt (164 bytes security) (stored 0%)
updating: test2.txt (164 bytes security) (stored 0%)
updating: test3.txt (164 bytes security) (stored 0%)
updating: test5.txt (164 bytes security) (stored 0%)
adding: log.txt (164 bytes security) (deflated 79%)
updating: backregs/71BF6E14-951E-4EAE-AAE0-4AEEFFDC1235.reg (164 bytes security) (deflated 70%)
updating: backregs/934AF93A-07C7-4010-A33E-66765E028946.reg (164 bytes security) (deflated 70%)
updating: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZĄDZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťAŚCICIEL


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************













*************************************************
HiJackThis LOG
************************************************

Logfile of HijackThis v1.99.1
Scan saved at 14:14:13, on 2005-03-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\Hqs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Skrˇt do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKLM\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKLM\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKLM\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKLM\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKLM\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKLM\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKLM\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKLM\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKLM\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKLM\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKLM\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKLM\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKLM\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKLM\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKLM\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKLM\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKLM\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKLM\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKLM\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKLM\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKLM\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKLM\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKLM\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKLM\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKLM\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKLM\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKLM\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKLM\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKLM\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKLM\..\Run: [Jov] C:\WINDOWS\System32\Ihu.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKLM\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKLM\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKLM\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKLM\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKLM\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKLM\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKLM\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKLM\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKLM\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKLM\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKLM\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKLM\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKLM\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKLM\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKLM\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKLM\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKLM\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKLM\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKLM\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKLM\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKLM\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKLM\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKLM\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKLM\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKLM\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKLM\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKLM\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKLM\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKLM\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKLM\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKLM\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKLM\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKLM\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKLM\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKLM\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKLM\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKLM\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKLM\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKLM\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKLM\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKLM\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKLM\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKLM\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKLM\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKLM\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKLM\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKLM\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKLM\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKLM\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKLM\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKLM\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKLM\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\Gcc.exe
O4 - HKLM\..\Run: [Ose] C:\WINDOWS\System32\Ghg.exe
O4 - HKLM\..\Run: [Gpq] C:\WINDOWS\System32\Jbv.exe
O4 - HKLM\..\Run: [Gns] C:\WINDOWS\Ibk.exe
O4 - HKLM\..\Run: [Smt] C:\WINDOWS\Fqs.exe
O4 - HKLM\..\Run: [Esg] C:\WINDOWS\System32\Fms.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Sbq.exe
O4 - HKLM\..\Run: [Ges] C:\WINDOWS\Gqb.exe
O4 - HKLM\..\Run: [Pff] C:\WINDOWS\Klb.exe
O4 - HKLM\..\Run: [Dqr] C:\WINDOWS\Tas.exe
O4 - HKLM\..\Run: [Hel] C:\WINDOWS\System32\Fge.exe
O4 - HKLM\..\Run: [Vra] C:\WINDOWS\Ajf.exe
O4 - HKLM\..\Run: [Ovu] C:\WINDOWS\System32\Aue.exe
O4 - HKLM\..\Run: [Mts] C:\WINDOWS\System32\Nfa.exe
O4 - HKLM\..\Run: [Dgo] C:\WINDOWS\System32\Rkq.exe
O4 - HKLM\..\Run: [Qts] C:\WINDOWS\System32\Jti.exe
O4 - HKLM\..\Run: [Pdh] C:\WINDOWS\Lvv.exe
O4 - HKLM\..\Run: [Fup] C:\WINDOWS\Rci.exe
O4 - HKLM\..\Run: [Lkt] C:\WINDOWS\Aqi.exe
O4 - HKLM\..\Run: [Abc] C:\WINDOWS\Kio.exe
O4 - HKLM\..\Run: [Vcb] C:\WINDOWS\System32\Ouv.exe
O4 - HKLM\..\Run: [Hde] C:\WINDOWS\System32\Oad.exe
O4 - HKLM\..\Run: [Ils] C:\WINDOWS\Afj.exe
O4 - HKLM\..\Run: [Lgu] C:\WINDOWS\System32\Jut.exe
O4 - HKLM\..\Run: [Huj] C:\WINDOWS\Gsn.exe
O4 - HKLM\..\Run: [Pfd] C:\WINDOWS\System32\Gij.exe
O4 - HKLM\..\Run: [Rjf] C:\WINDOWS\System32\Oon.exe
O4 - HKLM\..\Run: [Fme] C:\WINDOWS\System32\Kdm.exe
O4 - HKLM\..\Run: [Ugg] C:\WINDOWS\Uag.exe
O4 - HKLM\..\Run: [Qfj] C:\WINDOWS\System32\Tfa.exe
O4 - HKLM\..\Run: [Bbr] C:\WINDOWS\System32\Nje.exe
O4 - HKLM\..\Run: [Kdp] C:\WINDOWS\System32\Qks.exe
O4 - HKLM\..\Run: [Bnp] C:\WINDOWS\System32\Bau.exe
O4 - HKLM\..\Run: [Mdg] C:\WINDOWS\Kpf.exe
O4 - HKLM\..\Run: [Vbc] C:\WINDOWS\System32\Pmc.exe
O4 - HKLM\..\Run: [Gqg] C:\WINDOWS\System32\Vrn.exe
O4 - HKLM\..\Run: [Gjv] C:\WINDOWS\Oap.exe
O4 - HKLM\..\Run: [Ikd] C:\WINDOWS\Djc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKCU\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKCU\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKCU\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKCU\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKCU\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKCU\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKCU\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKCU\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKCU\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKCU\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKCU\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKCU\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKCU\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKCU\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKCU\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKCU\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKCU\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKCU\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKCU\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKCU\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKCU\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKCU\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKCU\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKCU\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKCU\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKCU\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKCU\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKCU\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKCU\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKCU\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKCU\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKCU\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKCU\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKCU\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKCU\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKCU\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKCU\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKCU\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKCU\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKCU\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKCU\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKCU\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKCU\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKCU\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKCU\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKCU\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKCU\..\Run: [Jov] C:\WINDOWS\System32\Ihu.exe
O4 - HKCU\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKCU\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKCU\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKCU\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKCU\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKCU\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKCU\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKCU\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKCU\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKCU\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKCU\..\Run: [Jqs] C:\WINDOWS\Chk.exe
O4 - HKCU\..\Run: [Jpl] C:\WINDOWS\System32\Osj.exe
O4 - HKCU\..\Run: [Mja] C:\WINDOWS\Blc.exe
O4 - HKCU\..\Run: [Dsp] C:\WINDOWS\Vvg.exe
O4 - HKCU\..\Run: [Eql] C:\WINDOWS\Ubr.exe
O4 - HKCU\..\Run: [Vvp] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Pcp] C:\WINDOWS\System32\Fkn.exe
O4 - HKCU\..\Run: [Ttp] C:\WINDOWS\Jav.exe
O4 - HKCU\..\Run: [Vdh] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Peb] C:\WINDOWS\Clg.exe
O4 - HKCU\..\Run: [Dnf] C:\WINDOWS\System32\Fvo.exe
O4 - HKCU\..\Run: [Vtg] C:\WINDOWS\System32\Amq.exe
O4 - HKCU\..\Run: [Qos] C:\WINDOWS\System32\Blh.exe
O4 - HKCU\..\Run: [Kvs] C:\WINDOWS\Cep.exe
O4 - HKCU\..\Run: [Jrv] C:\WINDOWS\System32\Qhf.exe
O4 - HKCU\..\Run: [Evf] C:\WINDOWS\Mnj.exe
O4 - HKCU\..\Run: [Lif] C:\WINDOWS\System32\Klm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\System32\Kbq.exe
O4 - HKCU\..\Run: [Bcv] C:\WINDOWS\Lqc.exe
O4 - HKCU\..\Run: [Sga] C:\WINDOWS\Uph.exe
O4 - HKCU\..\Run: [Kvi] C:\WINDOWS\System32\Cql.exe
O4 - HKCU\..\Run: [Uce] C:\WINDOWS\Rlp.exe
O4 - HKCU\..\Run: [Jal] C:\WINDOWS\System32\Jll.exe
O4 - HKCU\..\Run: [Uuq] C:\WINDOWS\System32\Gva.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\System32\Mhc.exe
O4 - HKCU\..\Run: [Daj] C:\WINDOWS\System32\Plk.exe
O4 - HKCU\..\Run: [Krq] C:\WINDOWS\System32\Vfu.exe
O4 - HKCU\..\Run: [Obj] C:\WINDOWS\Rks.exe
O4 - HKCU\..\Run: [Rfi] C:\WINDOWS\System32\Vpk.exe
O4 - HKCU\..\Run: [Lnk] C:\WINDOWS\System32\Lkd.exe
O4 - HKCU\..\Run: [Eif] C:\WINDOWS\System32\Epu.exe
O4 - HKCU\..\Run: [Tfc] C:\WINDOWS\System32\Unb.exe
O4 - HKCU\..\Run: [Iut] C:\WINDOWS\System32\Fau.exe
O4 - HKCU\..\Run: [Efi] C:\WINDOWS\System32\Dvt.exe
O4 - HKCU\..\Run: [Fpa] C:\WINDOWS\System32\Hrv.exe
O4 - HKCU\..\Run: [Dab] C:\WINDOWS\Qnh.exe
O4 - HKCU\..\Run: [Dhs] C:\WINDOWS\Bpk.exe
O4 - HKCU\..\Run: [Hsv] C:\WINDOWS\System32\Vir.exe
O4 - HKCU\..\Run: [Tod] C:\WINDOWS\System32\Qcs.exe
O4 - HKCU\..\Run: [Cuj] C:\WINDOWS\Fsh.exe
O4 - HKCU\..\Run: [Oqv] C:\WINDOWS\System32\Iqm.exe
O4 - HKCU\..\Run: [Igs] C:\WINDOWS\Rti.exe
O4 - HKCU\..\Run: [Ogp] C:\WINDOWS\Vht.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\System32\Pef.exe
O4 - HKCU\..\Run: [Hpn] C:\WINDOWS\System32\Hmg.exe
O4 - HKCU\..\Run: [Jdo] C:\WINDOWS\System32\Res.exe
O4 - HKCU\..\Run: [Vte] C:\WINDOWS\System32\Nkm.exe
O4 - HKCU\..\Run: [Iup] C:\WINDOWS\Prs.exe
O4 - HKCU\..\Run: [Lhb] C:\WINDOWS\Som.exe
O4 - HKCU\..\Run: [Ode] C:\WINDOWS\System32\Ple.exe
O4 - HKCU\..\Run: [Dcv] C:\WINDOWS\Huf.exe
O4 - HKCU\..\Run: [Hid] C:\WINDOWS\Jja.exe
O4 - HKCU\..\Run: [Fdh] C:\WINDOWS\System32\Djs.exe
O4 - HKCU\..\Run: [Ueo] C:\WINDOWS\Lkm.exe
O4 - HKCU\..\Run: [Hos] C:\WINDOWS\System32\Esq.exe
O4 - HKCU\..\Run: [Tnk] C:\WINDOWS\System32\Aov.exe
O4 - HKCU\..\Run: [Qei] C:\WINDOWS\System32\Cff.exe
O4 - HKCU\..\Run: [Egd] C:\WINDOWS\System32\Trs.exe
O4 - HKCU\..\Run: [Bub] C:\WINDOWS\System32\Udg.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\Gcc.exe
O4 - HKCU\..\Run: [Ose] C:\WINDOWS\System32\Ghg.exe
O4 - HKCU\..\Run: [Gpq] C:\WINDOWS\System32\Jbv.exe
O4 - HKCU\..\Run: [Gns] C:\WINDOWS\Ibk.exe
O4 - HKCU\..\Run: [Smt] C:\WINDOWS\Fqs.exe
O4 - HKCU\..\Run: [Esg] C:\WINDOWS\System32\Fms.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Sbq.exe
O4 - HKCU\..\Run: [Ges] C:\WINDOWS\Gqb.exe
O4 - HKCU\..\Run: [Pff] C:\WINDOWS\Klb.exe
O4 - HKCU\..\Run: [Dqr] C:\WINDOWS\Tas.exe
O4 - HKCU\..\Run: [Hel] C:\WINDOWS\System32\Fge.exe
O4 - HKCU\..\Run: [Vra] C:\WINDOWS\Ajf.exe
O4 - HKCU\..\Run: [Ovu] C:\WINDOWS\System32\Aue.exe
O4 - HKCU\..\Run: [Mts] C:\WINDOWS\System32\Nfa.exe
O4 - HKCU\..\Run: [Dgo] C:\WINDOWS\System32\Rkq.exe
O4 - HKCU\..\Run: [Qts] C:\WINDOWS\System32\Jti.exe
O4 - HKCU\..\Run: [Pdh] C:\WINDOWS\Lvv.exe
O4 - HKCU\..\Run: [Fup] C:\WINDOWS\Rci.exe
O4 - HKCU\..\Run: [Lkt] C:\WINDOWS\Aqi.exe
O4 - HKCU\..\Run: [Abc] C:\WINDOWS\Kio.exe
O4 - HKCU\..\Run: [Vcb] C:\WINDOWS\System32\Ouv.exe
O4 - HKCU\..\Run: [Hde] C:\WINDOWS\System32\Oad.exe
O4 - HKCU\..\Run: [Ils] C:\WINDOWS\Afj.exe
O4 - HKCU\..\Run: [Lgu] C:\WINDOWS\System32\Jut.exe
O4 - HKCU\..\Run: [Huj] C:\WINDOWS\Gsn.exe
O4 - HKCU\..\Run: [Pfd] C:\WINDOWS\System32\Gij.exe
O4 - HKCU\..\Run: [Rjf] C:\WINDOWS\System32\Oon.exe
O4 - HKCU\..\Run: [Fme] C:\WINDOWS\System32\Kdm.exe
O4 - HKCU\..\Run: [Ugg] C:\WINDOWS\Uag.exe
O4 - HKCU\..\Run: [Qfj] C:\WINDOWS\System32\Tfa.exe
O4 - HKCU\..\Run: [Bbr] C:\WINDOWS\System32\Nje.exe
O4 - HKCU\..\Run: [Kdp] C:\WINDOWS\System32\Qks.exe
O4 - HKCU\..\Run: [Bnp] C:\WINDOWS\System32\Bau.exe
O4 - HKCU\..\Run: [Mdg] C:\WINDOWS\Kpf.exe
O4 - HKCU\..\Run: [Vbc] C:\WINDOWS\System32\Pmc.exe
O4 - HKCU\..\Run: [Gqg] C:\WINDOWS\System32\Vrn.exe
O4 - HKCU\..\Run: [Gjv] C:\WINDOWS\Oap.exe
O4 - HKCU\..\Run: [Ikd] C:\WINDOWS\Djc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103734827958
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...432/mcfscan.cab
O21 - SSODL: QgRar - {681EE585-C2B4-4F2F-1011-511A7DA57594} - C:\WINDOWS\System32\yn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Please tell me what now.
Best regards
Pistons
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP