CO MAM Z TEGO USUNĄĆ??
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
CO MAM Z TEGO USUNĄĆ??
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i folder, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
zastosuj Usuwanie tapety SpySheriff
zobacz Usuwanie VX2.BetterInternet i daj log nr 1 z narzędzia L2Mfix
i co dalej??
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
“Asynchronous”=dword:00000000
“Impersonate”=dword:00000000
“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
“Logoff”=“ChainWlxLogoffEvent”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
“Asynchronous”=dword:00000000
“Impersonate”=dword:00000000
“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
“Logoff”=“CryptnetWlxLogoffEvent”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
“DLLName”=“cscdll.dll”
“Logon”=“WinlogonLogonEvent”
“Logoff”=“WinlogonLogoffEvent”
“ScreenSaver”=“WinlogonScreenSaverEvent”
“Startup”=“WinlogonStartupEvent”
“Shutdown”=“WinlogonShutdownEvent”
“StartShell”=“WinlogonStartShellEvent”
“Impersonate”=dword:00000000
“Asynchronous”=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
“DLLName”=“wlnotify.dll”
“Logon”=“SCardStartCertProp”
“Logoff”=“SCardStopCertProp”
“Lock”=“SCardSuspendCertProp”
“Unlock”=“SCardResumeCertProp”
“Enabled”=dword:00000001
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
“Asynchronous”=dword:00000000
“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
“Impersonate”=dword:00000000
“StartShell”=“SchedStartShell”
“Logoff”=“SchedEventLogOff”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
“Logoff”=“WLEventLogoff”
“Impersonate”=dword:00000000
“Asynchronous”=dword:00000001
“DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
“DLLName”=“WlNotify.dll”
“Lock”=“SensLockEvent”
“Logon”=“SensLogonEvent”
“Logoff”=“SensLogoffEvent”
“Safe”=dword:00000001
“MaxWait”=dword:00000258
“StartScreenSaver”=“SensStartScreenSaverEvent”
“StopScreenSaver”=“SensStopScreenSaverEvent”
“Startup”=“SensStartupEvent”
“Shutdown”=“SensShutdownEvent”
“StartShell”=“SensStartShellEvent”
“PostShell”=“SensPostShellEvent”
“Disconnect”=“SensDisconnectEvent”
“Reconnect”=“SensReconnectEvent”
“Unlock”=“SensUnlockEvent”
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
“Asynchronous”=dword:00000000
“DllName”=“C:\WINDOWS\system32\g204lcdq1f0e.dll”
“Impersonate”=dword:00000000
“Logon”=“WinLogon”
“Logoff”=“WinLogoff”
“Shutdown”=“WinShutdown”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
“Asynchronous”=dword:00000000
“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
“Impersonate”=dword:00000000
“Logoff”=“TSEventLogoff”
“Logon”=“TSEventLogon”
“PostShell”=“TSEventPostShell”
“Shutdown”=“TSEventShutdown”
“StartShell”=“TSEventStartShell”
“Startup”=“TSEventStartup”
“MaxWait”=dword:00000258
“Reconnect”=“TSEventReconnect”
“Disconnect”=“TSEventDisconnect”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
“DLLName”=“wlnotify.dll”
“Logon”=“RegisterTicketExpiredNotificationEvent”
“Logoff”=“UnregisterTicketExpiredNotificationEvent”
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
“DLLName”=“wzcdlg.dll”
“Logon”=“WZCEventLogon”
“Logoff”=“WZCEventLogoff”
“Impersonate”=dword:00000000
“Asynchronous”=dword:00000000
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
“{DAAACE7D-95A1-76E7-C7FA-E78636B1A085}”=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
“{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego”
“{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM”
“{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS”
“{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile”
“{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”
“{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension”
“{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej”
“{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania”
“{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania”
“{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS”
“{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci”
“{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki”
“{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy”
“{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network”
“{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM”
“{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM”
“{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w”
“{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web”
“{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI”
“{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania”
“{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka”
“{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu”
“{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts”
“{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC”
“{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek”
“{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”
“{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension”
“{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO”
“{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign”
“{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe”
“{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe”
“{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne"
“{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne"
“{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne"
“{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne"
“{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne"
“{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension”
“{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension”
“{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows”
“{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link”
“{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler”
“{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension”
“{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania”
“{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start”
“{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj”
“{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”
“{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”
“{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…”
“{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet”
“{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail”
“{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki”
“{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne”
“{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler”
“{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler”
“{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler”
“{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler”
“{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler”
“{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor”
“{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet”
“{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania”
“{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej”
“{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2”
“{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy”
“{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft”
“{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania”
“{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w”
“{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku”
“{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web”
“{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru”
“{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres"
“{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu”
“{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft”
“{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident”
“{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU”
“{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU”
“{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny”
“{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia”
“{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu”
“{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft”
“{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft”
“{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft”
“{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki”
“{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp”
“{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki”
“{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite”
“{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika”
“{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w”
“{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band”
“{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service”
“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer”
“{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture”
“{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut”
“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service”
“{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia”
“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”
“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook”
“{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4”
“{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook”
“{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC”
“{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC”
“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet”
“{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space”
“{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora”
“{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”
“{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”
“{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX”
“{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck”
“{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr”
“{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji”
“{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler”
“{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent”
“{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent”
“{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent”
“{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent”
“{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent”
“{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler”
“{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki”
“{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji”
“{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin”
“{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs”
“{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory”
“{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w”
“{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)”
“{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML”
“{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler”
“{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web”
“{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web”
“{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji”
“{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport”
“{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w”
“{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler”
“{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target”
“{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau”
“{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau”
“{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau”
“{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu”
“{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties”
“{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview”
“{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext”
“{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control”
“{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control”
“{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control”
“{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control”
“{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control”
“{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI”
“{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object”
“{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find”
“{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find”
“{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI”
“{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs”
“{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook”
“{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target”
“{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties”
“{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu”
“{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options”
“{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline”
“{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler”
“{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell”
“{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%"
“{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler”
“{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer"
“{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…"
“{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler”
“{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler”
“{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler”
“{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults”
“{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page”
“{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions”
“{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder”
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension”
“{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band”
“{C24568AA-6DA1-49A2-B263-512332C49EC7}”=""
“{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}”=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}]
@=""
“IDEx”=“ADDR”
[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\Implemented Categories{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\InprocServer32]
@=“C:\WINDOWS\system32\dtskmon.dll”
“ThreadingModel”=“Apartment”
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}]
@=""
[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\Implemented Categories{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\InprocServer32]
@=“C:\WINDOWS\system32\mktext40.dll”
“ThreadingModel”=“Apartment”
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
azaol7~1.dll Mon 2006-01-09 15:51:10 …S.R 234 099 228,61 K
browseui.dll Thu 2005-11-24 1:39:20 A… 1 022 464 998,50 K
cdfview.dll Fri 2005-10-21 4:42:08 A… 151 552 148,00 K
danim.dll Sat 2005-11-05 4:18:02 A… 1 055 744 1,00 M
dn0u01~1.dll Mon 2006-01-09 17:01:50 …S.R 234 858 229,35 K
dxtrans.dll Fri 2005-10-21 4:42:08 A… 205 312 200,50 K
esent.dll Thu 2005-10-20 23:30:54 A… 1 092 608 1,04 M
extmgr.dll Fri 2005-10-21 4:42:08 … 55 808 54,50 K
g204lc~1.dll Mon 2006-01-09 19:49:14 …S.R 233 957 228,47 K
gdi32.dll Thu 2005-12-29 3:56:06 A… 280 064 273,50 K
iepeers.dll Fri 2005-10-21 4:42:08 A… 251 392 245,50 K
inseng.dll Fri 2005-10-21 4:42:08 A… 96 768 94,50 K
itagehlp.dll Fri 2006-01-06 15:58:04 …S.R 236 568 231,02 K
k4no0e~1.dll Mon 2006-01-09 20:32:20 …S.R 235 562 230,04 K
kt8ol7~1.dll Mon 2006-01-09 15:42:20 …S.R 233 941 228,46 K
ktl6l7~1.dll Sat 2006-01-07 10:19:14 …S.R 236 640 231,09 K
l6p20g~1.dll Tue 2006-01-10 16:14:08 …S.R 233 957 228,47 K
mktext40.dll Tue 2006-01-10 18:21:58 … 233 957 228,47 K
mshtml.dll Thu 2005-11-24 1:39:22 A… 3 013 632 2,87 M
mshtmled.dll Fri 2005-10-21 4:42:10 A… 448 512 438,00 K
msrating.dll Fri 2005-10-21 4:42:10 A… 146 432 143,00 K
mstime.dll Fri 2005-10-21 4:42:10 A… 530 944 518,50 K
nmlanui2.dll Mon 2006-01-09 17:10:56 …S.R 233 957 228,47 K
nzmsdba.dll Mon 2006-01-09 15:51:10 …S.R 236 413 230,87 K
pngfilt.dll Fri 2005-10-21 4:42:10 A… 39 424 38,50 K
shdocvw.dll Thu 2005-12-01 4:34:28 A… 1 492 480 1,42 M
shlwapi.dll Fri 2005-10-21 4:42:12 A… 473 600 462,50 K
spmsg.dll Thu 2005-10-13 0:21:28 … 16 096 15,72 K
urlmon.dll Sat 2005-11-05 4:18:08 A… 605 184 591,00 K
wininet.dll Fri 2005-10-21 4:42:12 A… 660 992 645,50 K
zlbw.dll Thu 2006-01-05 21:05:24 A… 46 592 45,50 K
31 items found: 31 files (10 H/S), 0 directories.
Total of file sizes: 14 269 509 bytes 13,61 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
guard.tmp Tue 2006-01-10 18:25:58 …S.R 233 957 228,47 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 233 957 bytes 228,47 K
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C to POTEKTO
Numer seryjny woluminu: 5869-20D5
Katalog: C:\WINDOWS\System32
2006-01-10 18:25 233˙957 guard.tmp
2006-01-10 16:14 233˙957 l6p20g7oe6.dll
2006-01-09 20:32 235˙562 k4no0e53eh.dll
2006-01-09 19:49
2006-01-09 19:49 233˙957 g204lcdq1f0e.dll
2006-01-09 17:10 233˙957 nmlanui2.dll
2006-01-09 17:01 234˙858 dn0u01d9e.dll
2006-01-09 15:51 236˙413 nzmsdba.dll
2006-01-09 15:51 234˙099 azaol7l31.dll
2006-01-09 15:42 233˙941 kt8ol7l31.dll
2006-01-07 10:19 236˙640 ktl6l73s1.dll
2006-01-06 15:58 236˙568 itagehlp.dll
2005-04-15 17:15
11 plik(˘w) 2˙583˙909 bajt˘w
2 katalog(˘w) 4˙581˙740˙544 bajt˘w wolnych
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG
Start do z Konsoli Odzyskiwania CD XP i komendy:
CD C:\WINDOWS\system32
ATTRIB -R-S-H guard.tmp
ATTRIB -R-S-H l6p20g7oe6.dll
ATTRIB -R-S-H k4no0e53eh.dll
ATTRIB -R-S-H g204lcdq1f0e.dll
ATTRIB -R-S-H nmlanui2.dll
ATTRIB -R-S-H nzmsdba.dll
ATTRIB -R-S-H mktext40.dll
ATTRIB -R-S-H dn0u01d9e.dll
ATTRIB -R-S-H dtskmon.dll
ATTRIB -R-S-H nzmsdba.dll
ATTRIB -R-S-H azaol7l31.dll
ATTRIB -R-S-H kt8ol7l31.dll
ATTRIB -R-S-H ktl6l73s1.dll
ATTRIB -R-S-H itagehlp.dll
ATTRIB -R-S-H zlbw.dll
DEL guard.tmp
DEL l6p20g7oe6.dll
DEL k4no0e53eh.dll
DEL g204lcdq1f0e.dll
DEL nmlanui2.dll
DEL nzmsdba.dll
DEL mktext40.dll
DEL dn0u01d9e.dll
DEL dtskmon.dll
DEL nzmsdba.dll
DEL azaol7l31.dll
DEL kt8ol7l31.dll
DEL ktl6l73s1.dll
DEL itagehlp.dll
DEL zlbw.dll
EXIT
Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz mi nowego loga L2MFix robionego z opcji 1.