Please check my log - I'm helpless by now


(Djamdru) #1

For some time now a web page has been opening on its own every few minutes. Not a "sexy" one, but one advertising some jewelry. The page is always the same, but its address is different each time. I have already used every anti-spam, anti-trojan and antivirus tool I had, and nothing. HEEELP.

Logfile of HijackThis v1.99.1

Scan saved at 13:26:19, on 2006-01-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Jacek\Pulpit\HijackThis.exe


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\m8280ifue8280.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Post merged: 22.01.2006 (Sun) 15:25

Maybe I'll also add the StartupList, so there will be more to go on.

StartupList report, 2006-01-21, 13:44:26

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Jacek\Pulpit\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================


Running processes:


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Jacek\Pulpit\HijackThis.exe


--------------------------------------------------


Listing of startup folders:


Shell folders Startup:

[C]

*No files*


Shell folders AltStartup:

*Folder not found*


User shell folders Startup:

*Folder not found*


User shell folders AltStartup:

*Folder not found*


Shell folders Common Startup:

[C]

*No files*


Shell folders Common AltStartup:

*Folder not found*


User shell folders Common Startup:

*Folder not found*


User shell folders Alternate Common Startup:

*Folder not found*


--------------------------------------------------


Checking Windows NT UserInit:


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*


[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*


[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

WinampAgent = C:\Program Files\Winamp\winampa.exe

gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run


*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


[OptionalComponents]

*No values found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command


(Default) = "%1" /S


--------------------------------------------------


File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command


(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*


--------------------------------------------------


File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command


(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1


--------------------------------------------------


Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)


[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP


[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE


[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP


[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub


[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll


[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install


[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT


[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser


[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub


[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install


[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll


[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe


--------------------------------------------------


Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps


*Registry key not found*


--------------------------------------------------


Load/Run keys from C:\WINDOWS\WIN.INI:


load=*INI section not found*

run=*INI section not found*


Load/Run keys from Registry:


HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*


Shell & screensaver key from Registry:


Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\MINIMI~1.SCR

drivers=*Registry value not found*


Policies Shell key:


HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*


--------------------------------------------------


Checking for EXPLORER.EXE instances:


C:\WINDOWS\Explorer.exe: PRESENT!


C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present


--------------------------------------------------


Checking for superhidden extensions:


.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden


--------------------------------------------------


Verifying REGEDIT.EXE integrity:


- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Edytor rejestru'


Registry check passed


--------------------------------------------------


Enumerating Browser Helper Objects:


*No BHO's found*


--------------------------------------------------


Enumerating Task Scheduler jobs:


*No jobs found*


--------------------------------------------------


Enumerating Download Program Files:


[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd


[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


--------------------------------------------------


Enumerating Winsock LSP files:


NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll


--------------------------------------------------


Enumerating Windows NT/2000/XP services


a347bus: system32\DRIVERS\a347bus.sys (system)

a347scsi: System32\Drivers\a347scsi.sys (system)

Sterownik Microsoft ACPI: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Środowisko obsługi sieci AFD: \SystemRoot\System32\drivers\afd.sys (system)

Urządzenie alarmowe: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)

Sterownik procesora AMD K7: System32\DRIVERS\amdk7.sys (system)

Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

Sterownik multimediów asynchronicznych RAS: System32\DRIVERS\asyncmac.sys (manual start)

Standardowy kontroler dysku twardego IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protokół klienta ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik Audio Stub: System32\DRIVERS\audstub.sys (manual start)

Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart)

avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)

avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)

avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)

basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)

Usługa inteligentnego transferu w tle: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)

BlueSoleil Hid Service: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)

Przeglądarka komputera: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)

Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)

Sterownik Bluetooth Request Block: system32\DRIVERS\BthEnum.sys (manual start)

Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)

Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)

Sterownik Bluetooth Serial Communications: system32\DRIVERS\bthmodem.sys (manual start)

Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)

Sterownik portu Bluetooth: System32\Drivers\BTHport.sys (manual start)

Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)

Sterownik USB odbiornika radiowego Bluetooth: System32\Drivers\BTHUSB.sys (manual start)

Bluetooth Network Filter: \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys (manual start)

Dekoder napisów: system32\DRIVERS\CCDECODE.sys (manual start)

Sterownik stacji dysków CD-ROM: System32\DRIVERS\cdrom.sys (system)

Usługa indeksowania: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

Aplikacja systemowa modelu COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Port gier dla karty Creative SB Live!: System32\DRIVERS\ctljystk.sys (manual start)

Program uruchamiający proces serwera DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Klient DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik dysku: System32\DRIVERS\disk.sys (system)

Diskeeper: "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" (autostart)

Usługa administracyjna Menedżera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Sterownik Menedżera dysków logicznych: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Menedżer dysków logicznych: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)

Klient DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start)

Sterownik Creative Interface Manager (WDM): system32\drivers\ctlfacem.sys (manual start)

Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)

System zdarzeń COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)

Zgodność szybkiego przełączania użytkowników: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik kontrolera stacji dyskietek: System32\DRIVERS\fdc.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver: system32\DRIVERS\fetnd5b.sys (manual start)

Sterownik stacji dyskietek: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)

Sterownik Menedżera woluminów: System32\DRIVERS\ftdisk.sys (system)

Licznik portów gier: System32\DRIVERS\gameenum.sys (manual start)

Rodzajowy klasyfikator pakietu: System32\DRIVERS\msgpc.sys (manual start)

Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Miniport Microsoft Bluetooth HID: system32\DRIVERS\hidbth.sys (manual start)

Dostęp do urządzeń interfejsu HID: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)

HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)

hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Sterownik portu klawiatury i8042 i myszy PS/2: System32\DRIVERS\i8042prt.sys (system)

Sterownik filtru nagrywania dysków CD: System32\DRIVERS\imapi.sys (system)

Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)

Sterownik Zapory systemu Windows IPv6: system32\drivers\ip6fw.sys (manual start)

Sterownik filtru ruchu IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Sterownik IP w tunelu IP: System32\DRIVERS\ipinip.sys (manual start)

Translator adresów sieciowych IP: System32\DRIVERS\ipnat.sys (manual start)

Sterownik IPSEC: System32\DRIVERS\ipsec.sys (system)

Usługa wyliczania IR: System32\DRIVERS\irenum.sys (manual start)

Sterownik PnP magistrali ISA/EISA: System32\DRIVERS\isapnp.sys (system)

K56: System32\DRIVERS\HSF_K56K.sys (autostart)

Sterownik klasy klawiatury: System32\DRIVERS\kbdclass.sys (system)

Sterownik klawiatury HID: system32\DRIVERS\kbdhid.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Serwer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Stacja robocza: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

License Management Service ESD: "C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe" (manual start)

LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)

Pomoc TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)

Posłaniec: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

RaySat_3dsmax8 Server: "C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe" (autostart)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Sterownik klasy myszy: System32\DRIVERS\mouclass.sys (system)

Sterownik myszy HID: System32\DRIVERS\mouhid.sys (manual start)

Readresator klienta WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Instalator Windows: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)

Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)

Serwer proxy menedżera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)

Sterownik BIOS zarządzania systemem firmy Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)

Koder-dekoder NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start)

Połączenie TV/wideo firmy Microsoft: system32\DRIVERS\NdisIP.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS TAPI: System32\DRIVERS\ndistapi.sys (manual start)

Protokół We/Wy trybu użytkownika NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS WAN: System32\DRIVERS\ndiswan.sys (manual start)

Interfejs NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios przez TCP/IP: System32\DRIVERS\netbt.sys (system)

DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

Logowanie do sieci: %SystemRoot%\System32\lsass.exe (manual start)

Połączenia sieciowe: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)

Norton Unerase Protection: C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (autostart)

Usługa NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Magazyn wymienny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NTSIM: \??\C:\WINDOWS\system32\ntsim.sys (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

Sterownik filtru ruchu IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Sterownik usług przesyłania dalej ruchu IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Sterownik portu równoległego: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Usługi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)

Harmonogram pakietów QoS: System32\DRIVERS\psched.sys (manual start)

Sterownik bezpośredniego połączenia kablowego: System32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Sterownik automatycznego połączenia dostępu zdalnego: System32\DRIVERS\rasacd.sys (system)

Menedżer autopołączenia dostępu zdalnego: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Menedżer połączeń usługi Dostęp zdalny: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik usługi Dostęp zdalny PPPOE: System32\DRIVERS\raspppoe.sys (manual start)

Bezpośrednie połączenie kablowe: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Sterownik przekierowania urządzenia serwera terminali: System32\DRIVERS\rdpdr.sys (manual start)

Menedżer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (manual start)

Sterownik filtru odtwarzania audio cyfrowych dysków CD: System32\DRIVERS\redbook.sys (system)

Routing i dostęp zdalny: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Rejestr zdalny: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Urządzenie Bluetooth (Protokół TDI RFCOMM): system32\DRIVERS\rfcomm.sys (manual start)

Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\System32\locator.exe (manual start)

Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Menedżer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (autostart)

Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)

Harmonogram zadań: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

OTI Serial port driver: system32\DRIVERS\SER120.sys (manual start)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Sterownik portu szeregowego: System32\DRIVERS\serial.sys (system)

StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)

StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)

Sterownik Creative SoundFont Manager (WDM): system32\drivers\sfmanm.sys (manual start)

StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)

Zapora systemu Windows/Udostępnianie połączenia internetowego: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)

sony_ssm.sys: \??\C:\DOCUME~1\Jacek\USTAWI~1\Temp\sony_ssm.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)

Sterownik filtru Przywracania systemu: \SystemRoot\System32\DRIVERS\sr.sys (disabled)

Usługa przywracania systemu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Usługa odnajdywania SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Sterownik magistrali programowej: System32\DRIVERS\swenum.sys (manual start)

Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{61CC3FC1-EC69-43C6-9722-18B8B858B0E7} (manual start)

SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)

Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik protokołu TCP/IP: System32\DRIVERS\tcpip.sys (system)

Sterownik urządzenia terminalu: System32\DRIVERS\termdd.sys (system)

Usługi terminalowe: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Kompozycje: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Tones: System32\DRIVERS\HSF_TONE.sys (autostart)

Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sterownik karty Microsoft Tun Miniport: system32\DRIVERS\tunmp.sys (manual start)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)

Sterownik Microcode Update: System32\DRIVERS\update.sys (manual start)

Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)

Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)

Standardowy sterownik koncentratora USB Microsoft: System32\DRIVERS\usbhub.sys (manual start)

Klasa PRINTER USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)

Sterownik magazynu masowego USB: system32\DRIVERS\USBSTOR.SYS (manual start)

Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)

Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC: C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe (autostart)

SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)

V124: System32\DRIVERS\HSF_V124.sys (autostart)

Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)

Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)

Kontroler ekranu VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Bluetooth HID Device Service: system32\drivers\VHIDMini.sys (manual start)

Filtr magistrali AGP VIA: System32\DRIVERS\viaagp.sys (system)

VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)

ViaIde: System32\DRIVERS\viaide.sys (system)

Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)

Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik usługi Dostęp zdalny IP ARP: System32\DRIVERS\wanarp.sys (manual start)

Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)

Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Usługa numeru seryjnego multimediów przenośnych: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Rozszerzenia sterownika Instrumentacji zarządzania Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Karta wydajności WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Centrum zabezpieczeń: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Kodery-dekodery teletekstu w standardzie światowym: system32\DRIVERS\WSTCODEC.SYS (manual start)

Aktualizacje automatyczne: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)

Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Usługa dostarczania sieci: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)



--------------------------------------------------


Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*


Windows NT checkdisk command:

BootExecute = autocheck autochk *


Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\WINDOWS\system32\MRC42PLK.DLL



--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll


--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*Registry key not found*


--------------------------------------------------


End of report, 36 005 bytes

Report generated in 0,093 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only

[code]

(Kuz5) #2

Because you've got a nasty pest.

Read "Removing VX2.BetterInternet" and post log no. 1 from the L2Mfix tool.


(Djamdru) #3

This is that Log1


(Kacz2n) #4

Open Notepad and type in:

File >>> Save As >>> change the type from TXT to All Files >>> save it under the name FIX.REG

Boot into the Recovery Console from the XP CD and enter the commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H m8280ifue8280.dll

ATTRIB -R-S-H k2lqlc351f.dll

ATTRIB -R-S-H s0pu0a79ed.dll

ATTRIB -R-S-H mvl4l93q1.dll

ATTRIB -R-S-H j2n20c5oef.dll

ATTRIB -R-S-H d8j0li1m18.dll

ATTRIB -R-S-H p66s0gj7e6o.dll

ATTRIB -R-S-H l2n4lc5q1f.dll

ATTRIB -R-S-H o0660ajsedo60.dll

ATTRIB -R-S-H l80u0id9e80.dll

ATTRIB -R-S-H nacod.dll

ATTRIB -R-S-H eqentprf.dll

ATTRIB -R-S-H VW5DB.DLL

ATTRIB -R-S-H ppchdprf.dll

ATTRIB -R-S-H h0n0la5m1d.dll

ATTRIB -R-S-H mstext35.dll

ATTRIB -R-S-H msexcl35.dll

ATTRIB -R-S-H msjet35.dll

ATTRIB -R-S-H msltus35.dll

ATTRIB -R-S-H msrepl35.dll

ATTRIB -R-S-H Msrd2x35.dll

ATTRIB -R-S-H mspdox35.dll

ATTRIB -R-S-H Msxbse35.dll

ATTRIB -R-S-H mrc42plk.dll

DEL guard.tmp

DEL m8280ifue8280.dll

DEL k2lqlc351f.dll

DEL s0pu0a79ed.dll

DEL mvl4l93q1.dll

DEL j2n20c5oef.dll

DEL d8j0li1m18.dll

DEL p66s0gj7e6o.dll

DEL l2n4lc5q1f.dll

DEL o0660ajsedo60.dll

DEL l80u0id9e80.dll

DEL nacod.dll

DEL eqentprf.dll

DEL VW5DB.DLL

DEL ppchdprf.dll

DEL h0n0la5m1d.dll

DEL mstext35.dll

DEL msexcl35.dll

DEL msjet35.dll

DEL msltus35.dll

DEL msrepl35.dll

DEL Msrd2x35.dll

DEL mspdox35.dll

DEL Msxbse35.dll

DEL mrc42plk.dll

EXIT

Go into Windows Safe Mode and run the FIX.REG file. After the removal, post a new log from l2mfix made with option 1.


(Djamdru) #5

I don't really understand the second part.

After creating FIX.REG, am I supposed to open the console and type in those commands in bold one after another?


(Kacz2n) #6

About the Recovery Console, here: http://www.searchengines.pl/phpbb203/in ... opic=14270

You need to go in there and type in those commands in bold.


(Djamdru) #7

I've done everything. This is the log from l2mfix afterwards.

L2MFIX find log 010406

(Kuz5) #8

Open Notepad and paste this into it:

File >>> Save As >>> change the type from TXT to All Files >>> save it under the name FIX.REG

Boot into the Recovery Console from the XP CD and enter the commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H s0pu0a79ed.dll

DEL s0pu0a79ed.dll

EXIT

Go into Windows Safe Mode and run the FIX.REG file. Post a new L2MFix log made with option 1.


(Gutek) #9

Not everything has been removed.

Boot into the Recovery Console from the XP CD and enter the commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H atmtdd~1.tmp

ATTRIB -R-S-H scrunzip.dll

DEL atmtdd~1.tmp

DEL scrunzip.dll

EXIT

Post a new L2MFix log made with option 1 for me, plus a log from Silent. Silent description: http://www.searchengines.pl/phpbb203/in ... opic=15989


(Djamdru) #10

Can I combine your suggestion with kuz5's (a bit further up) and run his FIX.REG at the end?


(Gutek) #11

Post a fresh L2MFix log made with option 1.


(Djamdru) #12

This is the new log from L2Mfix

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

  6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\s0pu0a79ed.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


**********************************************************************************

useragent:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"

"{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"

"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Shell Extension"

"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Drag Drop Handler"


**********************************************************************************

HKEY ROOT CLASSIDS:

**********************************************************************************

Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\

   nv4_disp.dll Sat 2005-12-10 3:06:00 A.... 3 955 456 3,77 M

   nvhwvid.dll Sat 2005-12-10 3:06:00 A.... 573 440 560,00 K

   nvapi.dll Sat 2005-12-10 3:06:00 A.... 110 592 108,00 K

   nvoglnt.dll Sat 2005-12-10 3:06:00 A.... 5 402 624 5,15 M

   nvcpl.dll Sat 2005-12-10 3:06:00 A.... 7 311 360 6,97 M

   nvmctray.dll Sat 2005-12-10 3:06:00 A.... 86 016 84,00 K

   nvwddi.dll Sat 2005-12-10 3:06:00 A.... 81 920 80,00 K

   nvnt4cpl.dll Sat 2005-12-10 3:06:00 A.... 286 720 280,00 K

   nvmccs.dll Sat 2005-12-10 3:06:00 A.... 229 376 224,00 K

   nvcod.dll Sat 2005-12-10 3:06:00 A.... 35 840 35,00 K

   nvcodins.dll Sat 2005-12-10 3:06:00 A.... 35 840 35,00 K

   nview.dll Sat 2005-12-10 3:06:00 A.... 1 466 368 1,40 M

   nvshell.dll Sat 2005-12-10 3:06:00 A.... 466 944 456,00 K

   nvwdmcpl.dll Sat 2005-12-10 3:06:00 A.... 1 662 976 1,59 M

   nvwimg.dll Sat 2005-12-10 3:06:00 A.... 1 019 904 996,00 K

   nvmccsrs.dll Sat 2005-12-10 3:06:00 A.... 45 056 44,00 K

   hashlib.dll Tue 2005-11-15 12:12:08 A.... 117 976 115,21 K

   gcunco~1.dll Tue 2005-11-15 12:12:06 A.... 95 448 93,21 K

   browseui.dll Thu 2005-11-24 1:39:20 A.... 1 022 464 998,50 K

   mshtml.dll Thu 2005-11-24 1:39:22 A.... 3 013 632 2,87 M

   gccoll~1.dll Tue 2005-11-15 12:12:08 A.... 126 680 123,71 K

   cmdlin~1.dll Mon 2005-12-26 15:31:02 A.... 98 304 96,00 K

   urlmon.dll Sat 2005-11-05 4:18:08 A.... 605 184 591,00 K

   danim.dll Sat 2005-11-05 4:18:02 A.... 1 055 744 1,00 M

   shdocvw.dll Thu 2005-12-01 4:34:28 A.... 1 492 480 1,42 M

   px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

   pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

   pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

   vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

   pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

   mobolext.dll Mon 2005-10-31 21:28:22 A.... 69 632 68,00 K

   gdi32.dll Thu 2005-12-29 3:56:06 A.... 280 064 273,50 K

   w95inf16.dll Fri 2006-01-13 13:58:42 A.... 2 272 2,22 K

   w95inf32.dll Fri 2006-01-13 13:58:42 A.... 4 608 4,50 K

   ultra.dll Sat 2006-01-14 21:31:32 A.... 0 0,00 K


35 items found: 35 files, 0 directories.

   Total of file sizes: 32 041 064 bytes 30,55 M

Locate .tmp files:


C:\WINDOWS\SYSTEM32\

   atmtdd~1.tmp Sat 2006-01-14 16:28:36 A.... 0 0,00 K


1 item found: 1 file, 0 directories.

   Total of file sizes: 0 bytes 0,00 K

**********************************************************************************

Directory Listing of system files:

 Wolumin w stacji C nie ma etykiety.

 Numer seryjny woluminu: 3625-19FE


 Katalog: C:\WINDOWS\System32


2006-01-13 17:21 32 {A3F85129-F579-4D6B-B4B2-8CDFB8C09AAD}.dat

2006-01-13 17:16 32 {B622AD98-5CEF-4ACA-A3D5-A9285F5CE376}.dat

2006-01-13 17:09 32 {522D16FB-7701-403B-9966-DBE80BB0EBD6}.dat

2006-01-13 17:09 32 {C057A48A-6411-4688-BD85-217CE4433776}.dat

2006-01-13 17:09 32 {3544D9D6-824C-4505-B6A5-0B96D3D333E2}.dat

2005-12-25 19:26    




And this is the Silent Runners log

[code]"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}" = "RhinoShExt"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshldr.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! Dynamic Directory\DLLName = "C:\WINDOWS\system32\s0pu0a79ed.dll" [file not found]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
RhinoShExt(Default) = "{C81DCBCA-8AE2-41FC-9C39-78B160393210}"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
UltimateZip(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
UltimateZip(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\MINIMI~1.SCR" (MINIMINI - OLINEK OKRAGLINEK.SCR) ["Hua SoftWare (www.21hua.com)"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID{03C1C47F-0538-4645-8372-D3109B9FC636}\ = "Easy-WebPrint"
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
RaySat_3dsmax8 Server, mi-raysat_3dsmax8, ""C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"" [null data]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 37 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 28 seconds.
---------- (total run time: 101 seconds)
[/code]

Post merged: 23.01.2006 (Mon) 19:31

Please evaluate it.


(Gutek) #13

Open Notepad and paste this into it:

File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.REG

Boot into the Recovery Console from the XP CD and enter the commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H s0pu0a79ed.dll

ATTRIB -R-S-H atmtdd~1.tmp

DEL s0pu0a79ed.dll

DEL atmtdd~1.tmp

EXIT

Then boot into Windows Safe Mode and run the FIX.REG file.


(Djamdru) #14

In the Recovery Console the system claims it cannot find the file s0pu0a79ed.dll.

New L2MFix log

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

  6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


**********************************************************************************

useragent:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"

"{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"

"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Shell Extension"

"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Drag Drop Handler"


**********************************************************************************

HKEY ROOT CLASSIDS:

**********************************************************************************

Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\

   nv4_disp.dll Sat 2005-12-10 3:06:00 A.... 3 955 456 3,77 M

   nvhwvid.dll Sat 2005-12-10 3:06:00 A.... 573 440 560,00 K

   nvapi.dll Sat 2005-12-10 3:06:00 A.... 110 592 108,00 K

   nvoglnt.dll Sat 2005-12-10 3:06:00 A.... 5 402 624 5,15 M

   nvcpl.dll Sat 2005-12-10 3:06:00 A.... 7 311 360 6,97 M

   nvmctray.dll Sat 2005-12-10 3:06:00 A.... 86 016 84,00 K

   nvwddi.dll Sat 2005-12-10 3:06:00 A.... 81 920 80,00 K

   nvnt4cpl.dll Sat 2005-12-10 3:06:00 A.... 286 720 280,00 K

   nvmccs.dll Sat 2005-12-10 3:06:00 A.... 229 376 224,00 K

   nvcod.dll Sat 2005-12-10 3:06:00 A.... 35 840 35,00 K

   nvcodins.dll Sat 2005-12-10 3:06:00 A.... 35 840 35,00 K

   nview.dll Sat 2005-12-10 3:06:00 A.... 1 466 368 1,40 M

   nvshell.dll Sat 2005-12-10 3:06:00 A.... 466 944 456,00 K

   nvwdmcpl.dll Sat 2005-12-10 3:06:00 A.... 1 662 976 1,59 M

   nvwimg.dll Sat 2005-12-10 3:06:00 A.... 1 019 904 996,00 K

   nvmccsrs.dll Sat 2005-12-10 3:06:00 A.... 45 056 44,00 K

   hashlib.dll Tue 2005-11-15 12:12:08 A.... 117 976 115,21 K

   gcunco~1.dll Tue 2005-11-15 12:12:06 A.... 95 448 93,21 K

   browseui.dll Thu 2005-11-24 1:39:20 A.... 1 022 464 998,50 K

   mshtml.dll Thu 2005-11-24 1:39:22 A.... 3 013 632 2,87 M

   gccoll~1.dll Tue 2005-11-15 12:12:08 A.... 126 680 123,71 K

   cmdlin~1.dll Mon 2005-12-26 15:31:02 A.... 98 304 96,00 K

   urlmon.dll Sat 2005-11-05 4:18:08 A.... 605 184 591,00 K

   danim.dll Sat 2005-11-05 4:18:02 A.... 1 055 744 1,00 M

   shdocvw.dll Thu 2005-12-01 4:34:28 A.... 1 492 480 1,42 M

   px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

   pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

   pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

   vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

   pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

   mobolext.dll Mon 2005-10-31 21:28:22 A.... 69 632 68,00 K

   gdi32.dll Thu 2005-12-29 3:56:06 A.... 280 064 273,50 K

   w95inf16.dll Fri 2006-01-13 13:58:42 A.... 2 272 2,22 K

   w95inf32.dll Fri 2006-01-13 13:58:42 A.... 4 608 4,50 K

   ultra.dll Sat 2006-01-14 21:31:32 A.... 0 0,00 K


35 items found: 35 files, 0 directories.

   Total of file sizes: 32 041 064 bytes 30,55 M

Locate .tmp files:


No matches found.

**********************************************************************************

Directory Listing of system files:

 Wolumin w stacji C nie ma etykiety.

 Numer seryjny woluminu: 3625-19FE


 Katalog: C:\WINDOWS\System32


2006-01-13 17:21 32 {A3F85129-F579-4D6B-B4B2-8CDFB8C09AAD}.dat

2006-01-13 17:16 32 {B622AD98-5CEF-4ACA-A3D5-A9285F5CE376}.dat

2006-01-13 17:09 32 {522D16FB-7701-403B-9966-DBE80BB0EBD6}.dat

2006-01-13 17:09 32 {C057A48A-6411-4688-BD85-217CE4433776}.dat

2006-01-13 17:09 32 {3544D9D6-824C-4505-B6A5-0B96D3D333E2}.dat

2005-12-25 19:26    




New Silent Runners log

[code]"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}" = "RhinoShExt"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshldr.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
RhinoShExt(Default) = "{C81DCBCA-8AE2-41FC-9C39-78B160393210}"
  -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
UltimateZip(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
UltimateZip(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
  -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\MINIMI~1.SCR" (MINIMINI - OLINEK OKRAGLINEK.SCR) ["Hua SoftWare (www.21hua.com)"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID{03C1C47F-0538-4645-8372-D3109B9FC636}\ = "Easy-WebPrint" Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! 
Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]} Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] RaySat_3dsmax8 Server, mi-raysat_3dsmax8, ""C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"" [null data] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 37 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 29 seconds. ---------- (total run time: 98 seconds)


(Gutek) #15

Well, it's OK now :slight_smile:


(Djamdru) #16

THANK YOU SO MUCH :slight_smile: :slight_smile: :smiley: