prosze o rutynowe sprawdzenie loga

[Mr Yo]

Kod: Zaznacz wszystko

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre1.5.0_06injusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesLexmark 4300 Seriesezprint.exe
C:Program FilesCommon FilesAheadlibNMBgMonitor.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesiPodiniPodService.exe
C:WINDOWSSystem32lxcecoms.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesSpikSpik.exe
F:Program FilesFastStone CaptureFSCapture.exe
C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe
C:Documents and SettingsMAUstawienia lokalneTempKatalog tymczasowy 1 dla hijackthis.zipHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www/the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.the-exit.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchURL = http://www.the-exit.com/search
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.the-exit.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.the-exit.com/search
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.the-exit.com/search
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,(Default) = http://www.the-exit.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.the-exit.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 80.58.205.61:80
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:PROGRA~1FlashGetjccatch.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar2.binMGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06inssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar2.binMGSBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:PROGRA~1FlashGetfgiebar.dll
O4 - HKLM..Run: [KAVPersonal50] "C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Prokav.exe" /minimize
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [Spik] C:Program FilesSpikSpik.exe -autostart
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06injusched.exe
O4 - HKLM..Run: [BearShare] "f:Program FilesBearShareBearShare.exe" /pause
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXCECATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [lxcemon.exe] "C:Program FilesLexmark 4300 Serieslxcemon.exe"
O4 - HKLM..Run: [EzPrint] "C:Program FilesLexmark 4300 Seriesezprint.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesLexmark Fax Solutionsfm3032.exe" /s
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: Download All by FlashGet - F:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:Program FilesFlashGetjc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06inssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:PROGRA~1FlashGetflashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wp.pl
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:Program FilesSpikurl_wpmsg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Prokavsvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:WINDOWSSystem32lxcecoms.exe

edit by niunka
Log jest nie kompletny
Log wklejamy w tagach

[pp3088]

Kod: Zaznacz wszystko

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www/the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.the-exit.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchURL = http://www.the-exit.com/search
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.the-exit.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.the-exit.com/search
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.the-exit.com/search
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.the-exit.com/search
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,(Default) = http://www.the-exit.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.the-exit.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.the-exit.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 80.58.205.61:80


Ty ustawiłeś tą stone?? Znasz te proxy?

Kod: Zaznacz wszystko

[b]Spyware Global Search[/b]
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program Files[i]MyGlobalSearchar2[/i].binMGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program Files[i]MyGlobalSearchar2[/i].binMGSBAR.DLL
[b]0o [/b]
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
[b]Alexa[/b]
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm


Fix w hijacku usuwasz podkreślone ręcznie.

[NeroFilterCheck]
[SunJavaUpdateSched]
[iTunesHelper]
[QuickTime Task] mega pożeracz usuwasz bez gadania
[Skype]
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]"
[MSMSGS]

Zrobisz to w wiadomy sposób

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

Start>>programy>>autostart>>usuń tą wartość.

Zrób loga z Silent Runners. Ściągasz go na kompa, uruchamiasz i dajesz no i czekasz na komunikat done. Wklejasz zawartośc na forum

http://www.silentrunners.org/Silent%20Runners.vbs

3.Ściągnij to i zrób scan

https://www.instalki.pl/programy/downlo ... yware.html

4.Wklej logi z Hijacka i Silenta ;P

[Mr Yo]

człowieku masz u mnie plusa dużego plusa pomogłś mi za to jesteś moim kumplem a co do proxy tak ustawiałme sobie proxy typu wysoka aninomowość ale mnie kwurzała a co do tej strony x hmm... nie ja lecz muj tata nie wiadomo <lol>
zaraz zorbie to co muwiłeś

p.s wziełem odpaliłem tom stronke (pierwszy liunk) ale wywaliło mi bardzo lista loga i to mam wklejić ?

[pp3088]

Nie jest dobrze stronka na liście spyware blastera, czyli około tysiąća najgorszych syfów. Mi zablokowało. Weź daj logi po akcjach co pisałem.

P.S. Dzięki za plusika, a co do pomocy to po tu jestem. Ktoś mi kiedys pomógł, ja pomoge Ci, a ktoś inny mnie. Tak tworzy się łańcuch pomocy, dzięki czamu każdy tylko zyska. Kurde wyszłą mi myśl filozoficzna

[Mr Yo]

hiuston mamy problem

Kod: Zaznacz wszystko

Mon Sep 11 17:20:56 2006 Connecting http://www.grisoft.cz:80
Mon Sep 11 17:20:57 2006 Connecting http://www.grisoft.cz [IP=193.86.103.18:80]
Mon Sep 11 17:21:18 2006 Error occured! Socket Error=10060 Connection refused. Please read user manual for more information.
Mon Sep 11 17:21:18 2006 Wait 5 second for retry
Mon Sep 11 17:21:23 2006 Connecting http://www.grisoft.cz [IP=193.86.103.18:80]
Mon Sep 11 17:21:44 2006 Error occured! Socket Error=10060 Connection refused. Please read user manual for more information.
Mon Sep 11 17:21:44 2006 Wait 5 second for retry

nie działą ta stronka a raczej plik log z flasgeta jednakże prosze o poprawienie tego na stronie instalki.pl

p.s moge uzyc ad-ware ?

[pp3088]

Kod: Zaznacz wszystko


R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.the-exit.com
[b]Spyware Global Search[/b]
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program Files[i]MyGlobalSearchar2[/i].binMGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program Files[i]MyGlobalSearchar2[/i].binMGSBAR.DLL
[b]0o [/b]
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}



Fix w hijacku usuwasz podkreślone ręcznie.

Czyli to co na początku, robiłeś to w awaryjnym? Start do awaryjnego start>>uruchom>>msconfig>>boot.ini>>zaznacz safeboot>>restart. Dobra koniec zabawy ściagasz gmera http://www.gmer.net

Wchodzisz do lini cmd i wpsujesz

CD C:Program Files
ATTRIB -R -S -H MyGlobalSearchBar2
DEL MyGlobalSearchBar2

Wracasz do okna procesy dajesz zabij wsyzstko. Lej na ostrzeżeni, to tylko profilatktyka.

Przez 3 kropki wskazujesz HiJacka i kasujesz podane wpisy.


Co to za log z Silenta powinien wyglądać tak

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["sms-express.com"]
"SpybotSD TeaTimer" = "C:Program FilesSpybot - Search & DestroyTeaTimer.exe" ["Safer Networking Limited"]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"HPDJ Taskbar Utility" = "C:WINDOWSsystem32spooldriversw32x863hpztsb05.exe" ["HP"]
"PestPatrol Control Center" = "c:PROGRA~1PestPatrolPPControl.exe" ["Computer Associates International"]
"MSConfig" = "C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   InProcServer32(Default) = "C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = "C:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:Program FilesWinRAR
arext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   InProcServer32(Default) = "C:WINDOWSsystem32
vcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.1programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.1programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.1programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.1programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   InProcServer32(Default) = "C:WINDOWSsystem32rowseui.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   InProcServer32(Default) = "C:WINDOWSsystem32
vcpl.dll" ["NVIDIA Corporation"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
  -> {HKLM...CLSID} = "CMenuExtender"
                   InProcServer32(Default) = "C:WINDOWSBricoPacksVista InspiratiColorFolderCMExt.dll" ["Revenger inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   InProcServer32(Default) = "C:Program FilesiTunesiTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   InProcServer32(Default) = "C:Program Filesewido anti-malwareshellhook.dll" ["TODO: <Firmenname>"]

HKLMSoftwareClassesFoldershellexColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.ux.pl 2.0.1programshlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]
ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   InProcServer32(Default) = "C:Program Filesewido anti-malwarecontext.dll" ["ewido networks"]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:Program FilesWinRAR
arext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]
CMenuExtender(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
  -> {HKLM...CLSID} = "CMenuExtender"
                   InProcServer32(Default) = "C:WINDOWSBricoPacksVista InspiratiColorFolderCMExt.dll" ["Revenger inc."]
ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   InProcServer32(Default) = "C:Program Filesewido anti-malwarecontext.dll" ["ewido networks"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:Program FilesWinRAR
arext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:Program FilesWinRAR
arext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

HKCUControl PanelDesktop
"Wallpaper" = "C:WINDOWSBricoPack Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%system32
svpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCUSoftwareMicrosoftInternet ExplorerExplorer Bars
{21569614-B795-46B1-85F4-E737A8DC09AD}(Default) = (no title provided)
  -> {HKLM...CLSID} = "Shell Search Band"
                   InProcServer32(Default) = "C:WINDOWSsystem32rowseui.dll" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:Program FilesAntiVir PersonalEdition Classicavguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:Program FilesAntiVir PersonalEdition Classicsched.exe" ["Avira GmbH"]
ewido security suite control, ewido security suite control, "C:Program Filesewido anti-malwareewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:Program Filesewido anti-malwareewidoguard.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:WINDOWSSystem32svchost.exe -k HTTPFilter" {"C:WINDOWSSystem32w3ssl.dll" [MS]}
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32
vsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
hpzsnt05Driver = "hpzsnt05.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 28 seconds, including 4 seconds for message boxes)

[Mr Yo]

dobra spokio robi sie a teraz nie moge bo jestm w budzie lol

jestem już narazie dam sobie spokuj wiem o co ci hodzi aloe dzisiaj mi się nie hce to co muwiles poprzedniu o tych podkreślonych usunołem je ja sie tym nie martwie starszy bedzie sie martwil co sie dzieje na kompie
a jak j będe miał swojego to będe się martwić o niego )