Proszę o sprawdzenie loga


(Karuzel) #1

Bardzo bym prosił o sprawdzenie loga.Sam nie daję rady.WIRUSY-help.

Logfile of HijackThis v1.99.1

Scan saved at 13:45:27, on 2006-01-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\windows\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\windows\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\winlogon.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\windows\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\UAService7.exe

C:\windows\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\DOCUME~1\mariusz\USTAWI~1\Temp\Rar$EX00.781\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\mariusz\USTAWI~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.pl

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab

O20 - AppInit_DLLs: C:\windows\System32\wmfhotfix.dll

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\n4p40e7qeh.dll

O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


(Gutek) #2

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Windows Logon Process Service a w awaryjnym trybie usun plik

Ściągnij L2Mfix i daj log nr 1 z narzędzia L2Mfix

Jak masz

l2mfix.png

wybierasz opcję 1. Run Find Log = odpowiednik tworzenia loga w FindIt. Patrz dalej na LOG NUMER 1. ZAWSZE tego loga macie utworzyć by mi pokazać


(Karuzel) #3

Dzięki.Zatrzymałem i wyłączyłem Windows Logon Process Service.W awaryjnym usunąłem " O20 - AppInit_DLLs: C:\windows\System32\wmfhotfix.dll ".Pliku drugiego nie było(O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\n4p40e7qeh.dll ).Były 2 inne:020 Winlogon Notify: WRNotifer-c:\windows\SYSTEM 32\WRLogonNTF.dll i 020 Winlogon Notify: Control Panel-C:\WINDOWS\system 32\jt2407fqe.dll.Tych nie usunąłem.(???)A oto mój LOG z L2MFix:

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]

"Asynchronous"=dword:00000000

"DllName"="C:\WINDOWS\system32\n64slgh7164.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

"Asynchronous"=dword:00000000

"DllName"="WRLogonNTF.dll"

"Impersonate"=dword:00000001

"Lock"="WRLock"

"StartScreenSaver"="WRStartScreenSaver"

"StartShell"="WRStartShell"

"Startup"="WRStartup"

"StopScreenSaver"="WRStopScreenSaver"

"Unlock"="WRUnlock"

"Shutdown"="WRShutdown"

"Logoff"="WRLogoff"

"Logon"="WRLogon"

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{3B0B6DF9-4ADD-BE16-ABFA-D4B5A9AD99E0}"=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenie powloki dla programu Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}"=""

"{92106334-0C70-48DC-8A6A-475DCF3196B4}"=""

"{E5CC2094-CDB8-48B5-9597-2C754A94E04E}"=""

"{677E3128-F03E-45EF-A1B9-F38954B7B8A8}"=""

"{D30003E6-3559-4416-8AB0-8FE3E36010F4}"=""

"{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}"=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}]

@=""

"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\InprocServer32]

@="C:\WINDOWS\system32\rhpsnd.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\InprocServer32]

@="C:\windows\system32\nolanui.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\InprocServer32]

@="C:\windows\system32\nklanui2.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\InprocServer32]

@="C:\windows\system32\mtident.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\InprocServer32]

@="C:\windows\system32\aotodisc.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

aotodisc.dll Tue 2006-01-24 15:17:00 ..S.R 234 121 228,63 K

chip.dll Thu 2005-12-01 23:20:18 A.... 34 308 33,50 K

cmdlin~1.dll Sat 2005-12-03 22:44:42 A.... 98 304 96,00 K

h2n00c~1.dll Tue 2006-01-24 15:17:00 ..S.R 234 173 228,68 K

msssc.dll Wed 2005-11-30 22:45:36 A.... 44 0,04 K

mtident.dll Tue 2006-01-24 11:47:48 ..S.R 235 013 229,50 K

n64slg~1.dll Tue 2006-01-24 15:08:24 ..S.R 234 121 228,63 K

nv4_disp.dll Fri 2005-11-11 13:47:00 A.... 3 924 992 3,74 M

nvapi.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvcod.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcodins.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcpl.dll Fri 2005-11-11 13:47:00 A.... 7 311 360 6,97 M

nvhwvid.dll Fri 2005-11-11 13:47:00 A.... 573 440 560,00 K

nview.dll Fri 2005-11-11 13:47:00 A.... 1 466 368 1,40 M

nvmccs.dll Fri 2005-11-11 13:47:00 A.... 229 376 224,00 K

nvmccsrs.dll Fri 2005-11-11 13:47:00 A.... 45 056 44,00 K

nvmctray.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvnt4cpl.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvoglnt.dll Fri 2005-11-11 13:47:00 A.... 5 394 432 5,14 M

nvrsar.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrscs.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsda.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrsde.dll Fri 2005-11-11 13:47:00 A.... 270 336 264,00 K

nvrsel.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrseng.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrses.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsesm.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsfi.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsfr.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvrshe.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrshu.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsit.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsja.dll Fri 2005-11-11 13:47:00 A.... 258 048 252,00 K

nvrsko.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsnl.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsno.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspt.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsptb.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrsru.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrssk.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssv.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrstr.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrszhc.dll Fri 2005-11-11 13:47:00 A.... 217 088 212,00 K

nvrszht.dll Fri 2005-11-11 13:47:00 A.... 118 784 116,00 K

nvshell.dll Fri 2005-11-11 13:47:00 A.... 466 944 456,00 K

nvwddi.dll Fri 2005-11-11 13:47:00 A.... 81 920 80,00 K

nvwdmcpl.dll Fri 2005-11-11 13:47:00 A.... 1 662 976 1,59 M

nvwimg.dll Fri 2005-11-11 13:47:00 A.... 1 019 904 996,00 K

nvwrsar.dll Fri 2005-11-11 13:47:00 A.... 282 624 276,00 K

nvwrscs.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrsda.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrsde.dll Fri 2005-11-11 13:47:00 A.... 311 296 304,00 K

nvwrsel.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrseng.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrses.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrsesm.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrsfi.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrsfr.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrshe.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvwrshu.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrsit.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsja.dll Fri 2005-11-11 13:47:00 A.... 212 992 208,00 K

nvwrsko.dll Fri 2005-11-11 13:47:00 A.... 196 608 192,00 K

nvwrsnl.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsno.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrspl.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrspt.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsptb.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsru.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrssk.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrssl.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrssv.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrstr.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrszhc.dll Fri 2005-11-11 13:47:00 A.... 163 840 160,00 K

nvwrszht.dll Fri 2005-11-11 13:47:00 A.... 167 936 164,00 K

plspl.dll Tue 2006-01-24 15:08:24 ..S.R 236 529 230,98 K

px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

s32evnt1.dll Thu 2005-12-01 12:14:20 A.... 86 091 84,07 K

vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

wmfhot~1.dll Tue 2006-01-17 10:44:22 A.... 3 584 3,50 K

wrlogo~1.dll Thu 2005-10-27 16:41:02 A.... 492 544 481,00 K

wrlzma.dll Thu 2005-10-27 16:40:58 A.... 17 920 17,50 K

zlbw.dll Mon 2005-12-19 20:50:16 A.... 46 592 45,50 K

88 items found: 88 files (5 H/S), 0 directories.

Total of file sizes: 40 670 784 bytes 38,79 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

guard.tmp Tue 2006-01-24 15:17:04 A.... 235 641 230,12 K

1 item found: 1 file, 0 directories.

Total of file sizes: 235 641 bytes 230,12 K

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji C nie ma etykiety.

Numer seryjny woluminu: 0894-691B

Katalog: C:\windows\System32

2006-01-24 15:16 234˙121 aotodisc.dll

2006-01-24 15:16 234˙173 h2n00c5mef.dll

2006-01-24 15:08 236˙529 plspl.dll

2006-01-24 15:08 234˙121 n64slgh7164.dll

2006-01-24 11:47 235˙013 mtident.dll

2006-01-21 16:36

2005-12-01 22:35

1999-09-30 19:21 166˙672 mstext35.dll

1999-09-28 21:42 1˙050˙896 msjet35.dll

1999-09-09 22:06 168˙720 msltus35.dll

1999-09-09 22:06 252˙688 msexcl35.dll

1999-08-25 14:57 415˙504 msrepl35.dll

1999-06-10 09:34 123˙664 msjint35.dll

1999-06-10 09:34 24˙848 msjter35.dll

1999-06-07 18:59 250˙128 mspdox35.dll

1999-04-25 17:00 252˙176 Msrd2x35.dll

1999-04-25 17:00 368˙912 Vbar332.dll

1999-04-25 17:00 287˙504 Msxbse35.dll

16 plik(˘w) 4˙535˙669 bajt˘w

2 katalog(˘w) 51˙210˙350˙592 bajt˘w wolnych


(Gutek) #4

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H aotodisc.dll

ATTRIB -R-S-H h2n00c5mef.dll

ATTRIB -R-S-H plspl.dll

ATTRIB -R-S-H n64slgh7164.dll

ATTRIB -R-S-H nklanui2.dll

ATTRIB -R-S-H nolanui.dll

ATTRIB -R-S-H mtident.dll

ATTRIB -R-S-H mstext35.dll

ATTRIB -R-S-H msjet35.dll

ATTRIB -R-S-H msltus35.dll

ATTRIB -R-S-H msexcl35.dll

ATTRIB -R-S-H msrepl35.dll

ATTRIB -R-S-H msjint35.dll

ATTRIB -R-S-H msjter35.dll

ATTRIB -R-S-H mspdox35.dll

ATTRIB -R-S-H Msrd2x35.dll

ATTRIB -R-S-H rhpsnd.dll

ATTRIB -R-S-H Vbar332.dll

ATTRIB -R-S-H Msxbse35.dll

ATTRIB -R-S-H zlbw.dll

DEL guard.tmp

DEL aotodisc.dll

DEL h2n00c5mef.dll

DEL plspl.dll

DEL n64slgh7164.dll

DEL nklanui2.dll

DEL nolanui.dll

DEL mtident.dll

DEL mstext35.dll

DEL msjet35.dll

DEL msltus35.dll

DEL msexcl35.dll

DEL msrepl35.dll

DEL msjint35.dll

DEL msjter35.dll

DEL mspdox35.dll

DEL Msrd2x35.dll

DEL rhpsnd.dll

DEL Vbar332.dll

DEL Msxbse35.dll

DEL zlbw.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz mi nowego loga L2MFix robionego z opcji 1.

EDIT: Kurcze nie sprawdzilem wpisow i zobaczcie jakie bledy jeden - a jakie zniszczenia. Poprawiony aby sie nie mylic


(Karuzel) #5

Zrobiłem wszystko zgodnie ze wskazówkami.Te pliki nie zostały znalezione:

h2n00c5mef.dll

plspl.dll

n64slgh7164.dll

nklanui2.dll

nolanui.dll

rhpsnd.dll

A oto moje nowe logo:

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]

"Asynchronous"=dword:00000000

"DllName"="C:\WINDOWS\system32\p88q0il5e8q.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{3B0B6DF9-4ADD-BE16-ABFA-D4B5A9AD99E0}"=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenie powloki dla programu Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}"=""

"{92106334-0C70-48DC-8A6A-475DCF3196B4}"=""

"{E5CC2094-CDB8-48B5-9597-2C754A94E04E}"=""

"{677E3128-F03E-45EF-A1B9-F38954B7B8A8}"=""

"{D30003E6-3559-4416-8AB0-8FE3E36010F4}"=""

"{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}"=""

"{7EB0259C-CBE5-4087-A986-075B1CD072AB}"=""

"{235CCDBD-34BE-478C-A945-737E22C86AEF}"=""

"{4389C7C2-6749-488A-9072-90CBE3AE64D0}"=""

"{DD239313-D963-40E5-8708-E3E461B17474}"=""

"{742DE5F9-DC0D-4FB5-83E2-4B20D91D2EB4}"=""

"{21DDB774-7C0C-4437-818E-A3C1AFE21881}"=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}]

@=""

"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{58567DF8-0D9B-4E3F-A4FE-F49C63371AC3}\InprocServer32]

@="C:\WINDOWS\system32\rhpsnd.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E5CC2094-CDB8-48B5-9597-2C754A94E04E}\InprocServer32]

@="C:\windows\system32\nolanui.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{677E3128-F03E-45EF-A1B9-F38954B7B8A8}\InprocServer32]

@="C:\windows\system32\nklanui2.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{D30003E6-3559-4416-8AB0-8FE3E36010F4}\InprocServer32]

@="C:\windows\system32\mtident.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{9C75F4C8-97B5-4B2B-A686-9A9D55D545FB}\InprocServer32]

@="C:\windows\system32\aotodisc.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{7EB0259C-CBE5-4087-A986-075B1CD072AB}]

@=""

[HKEY_CLASSES_ROOT\CLSID{7EB0259C-CBE5-4087-A986-075B1CD072AB}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{7EB0259C-CBE5-4087-A986-075B1CD072AB}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{7EB0259C-CBE5-4087-A986-075B1CD072AB}\InprocServer32]

@="C:\windows\system32\tfbyuv.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{235CCDBD-34BE-478C-A945-737E22C86AEF}]

@=""

[HKEY_CLASSES_ROOT\CLSID{235CCDBD-34BE-478C-A945-737E22C86AEF}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{235CCDBD-34BE-478C-A945-737E22C86AEF}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{235CCDBD-34BE-478C-A945-737E22C86AEF}\InprocServer32]

@="C:\windows\system32\igetcplc.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{4389C7C2-6749-488A-9072-90CBE3AE64D0}]

@=""

[HKEY_CLASSES_ROOT\CLSID{4389C7C2-6749-488A-9072-90CBE3AE64D0}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{4389C7C2-6749-488A-9072-90CBE3AE64D0}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{4389C7C2-6749-488A-9072-90CBE3AE64D0}\InprocServer32]

@="C:\windows\system32\cMpesnpn.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{DD239313-D963-40E5-8708-E3E461B17474}]

@=""

[HKEY_CLASSES_ROOT\CLSID{DD239313-D963-40E5-8708-E3E461B17474}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{DD239313-D963-40E5-8708-E3E461B17474}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{DD239313-D963-40E5-8708-E3E461B17474}\InprocServer32]

@="C:\windows\system32\dvrpsetu.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{742DE5F9-DC0D-4FB5-83E2-4B20D91D2EB4}]

@=""

[HKEY_CLASSES_ROOT\CLSID{742DE5F9-DC0D-4FB5-83E2-4B20D91D2EB4}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{742DE5F9-DC0D-4FB5-83E2-4B20D91D2EB4}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{742DE5F9-DC0D-4FB5-83E2-4B20D91D2EB4}\InprocServer32]

@="C:\windows\system32\vupodbc.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{21DDB774-7C0C-4437-818E-A3C1AFE21881}]

@=""

[HKEY_CLASSES_ROOT\CLSID{21DDB774-7C0C-4437-818E-A3C1AFE21881}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{21DDB774-7C0C-4437-818E-A3C1AFE21881}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{21DDB774-7C0C-4437-818E-A3C1AFE21881}\InprocServer32]

@="C:\windows\system32\aaphelp.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

aaphelp.dll Tue 2006-01-24 22:28:14 ..S.R 233 984 228,50 K

chip.dll Thu 2005-12-01 23:20:18 A.... 34 308 33,50 K

cmdlin~1.dll Sat 2005-12-03 22:44:42 A.... 98 304 96,00 K

cmpesnpn.dll Tue 2006-01-24 16:54:04 ..S.R 235 267 229,75 K

dn4q01~1.dll Tue 2006-01-24 16:07:14 ..S.R 235 753 230,23 K

drcprop2.dll Tue 2006-01-24 22:22:46 ..S.R 235 300 229,79 K

dvrpsetu.dll Tue 2006-01-24 18:18:00 ..S.R 236 295 230,75 K

igetcplc.dll Tue 2006-01-24 16:22:48 ..S.R 234 323 228,83 K

jt0207~1.dll Tue 2006-01-24 22:22:52 ..S.R 236 775 231,22 K

msssc.dll Wed 2005-11-30 22:45:36 A.... 44 0,04 K

nv4_disp.dll Fri 2005-11-11 13:47:00 A.... 3 924 992 3,74 M

nvapi.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvcod.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcodins.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcpl.dll Fri 2005-11-11 13:47:00 A.... 7 311 360 6,97 M

nvhwvid.dll Fri 2005-11-11 13:47:00 A.... 573 440 560,00 K

nview.dll Fri 2005-11-11 13:47:00 A.... 1 466 368 1,40 M

nvmccs.dll Fri 2005-11-11 13:47:00 A.... 229 376 224,00 K

nvmccsrs.dll Fri 2005-11-11 13:47:00 A.... 45 056 44,00 K

nvmctray.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvnt4cpl.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvoglnt.dll Fri 2005-11-11 13:47:00 A.... 5 394 432 5,14 M

nvrsar.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrscs.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsda.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrsde.dll Fri 2005-11-11 13:47:00 A.... 270 336 264,00 K

nvrsel.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrseng.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrses.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsesm.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsfi.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsfr.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvrshe.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrshu.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsit.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsja.dll Fri 2005-11-11 13:47:00 A.... 258 048 252,00 K

nvrsko.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsnl.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsno.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspt.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsptb.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrsru.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrssk.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssv.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrstr.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrszhc.dll Fri 2005-11-11 13:47:00 A.... 217 088 212,00 K

nvrszht.dll Fri 2005-11-11 13:47:00 A.... 118 784 116,00 K

nvshell.dll Fri 2005-11-11 13:47:00 A.... 466 944 456,00 K

nvwddi.dll Fri 2005-11-11 13:47:00 A.... 81 920 80,00 K

nvwdmcpl.dll Fri 2005-11-11 13:47:00 A.... 1 662 976 1,59 M

nvwimg.dll Fri 2005-11-11 13:47:00 A.... 1 019 904 996,00 K

nvwrsar.dll Fri 2005-11-11 13:47:00 A.... 282 624 276,00 K

nvwrscs.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrsda.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrsde.dll Fri 2005-11-11 13:47:00 A.... 311 296 304,00 K

nvwrsel.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrseng.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrses.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrsesm.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrsfi.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrsfr.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrshe.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvwrshu.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrsit.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsja.dll Fri 2005-11-11 13:47:00 A.... 212 992 208,00 K

nvwrsko.dll Fri 2005-11-11 13:47:00 A.... 196 608 192,00 K

nvwrsnl.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsno.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrspl.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrspt.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsptb.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsru.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrssk.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrssl.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrssv.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrstr.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrszhc.dll Fri 2005-11-11 13:47:00 A.... 163 840 160,00 K

nvwrszht.dll Fri 2005-11-11 13:47:00 A.... 167 936 164,00 K

p88q0i~1.dll Tue 2006-01-24 19:19:10 ..S.R 233 984 228,50 K

px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

s32evnt1.dll Thu 2005-12-01 12:14:20 A.... 86 091 84,07 K

tfbyuv.dll Tue 2006-01-24 16:07:10 ..S.R 235 641 230,12 K

vupodbc.dll Tue 2006-01-24 19:19:08 ..S.R 237 188 231,63 K

vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

wmfhot~1.dll Tue 2006-01-17 10:44:22 A.... 3 584 3,50 K

wrlogo~1.dll Thu 2005-10-27 16:41:02 A.... 492 544 481,00 K

wrlzma.dll Thu 2005-10-27 16:40:58 A.... 17 920 17,50 K

92 items found: 92 files (10 H/S), 0 directories.

Total of file sizes: 41 804 745 bytes 39,87 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

guard.tmp Tue 2006-01-24 22:28:16 A.... 235 487 229,96 K

1 item found: 1 file, 0 directories.

Total of file sizes: 235 487 bytes 229,96 K

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji C nie ma etykiety.

Numer seryjny woluminu: 0894-691B

Katalog: C:\windows\System32

2006-01-24 22:28 233˙984 aaphelp.dll

2006-01-24 22:22 236˙775 jt0207doe.dll

2006-01-24 22:22 235˙300 drcprop2.dll

2006-01-24 19:19 233˙984 p88q0il5e8q.dll

2006-01-24 19:19 237˙188 vupodbc.dll

2006-01-24 18:17 236˙295 dvrpsetu.dll

2006-01-24 16:54 235˙267 cMpesnpn.dll

2006-01-24 16:22 234˙323 igetcplc.dll

2006-01-24 16:07 235˙753 dn4q01h5e.dll

2006-01-24 16:07 235˙641 tfbyuv.dll

2006-01-21 16:36

2005-12-01 22:35

10 plik(˘w) 2˙354˙510 bajt˘w

2 katalog(˘w) 50˙925˙973˙504 bajt˘w wolnych


(Kuz5) #6

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H aotodisc.dll

ATTRIB -R-S-H mtident.dll

ATTRIB -R-S-H nklanui2.dll

ATTRIB -R-S-H nolanui.dll

ATTRIB -R-S-H rhpsnd.dll

ATTRIB -R-S-H aaphelp.dll

ATTRIB -R-S-H jt0207doe.dll

ATTRIB -R-S-H drcprop2.dll

ATTRIB -R-S-H p88q0il5e8q.dll

ATTRIB -R-S-H vupodbc.dll

ATTRIB -R-S-H dvrpsetu.dll

ATTRIB -R-S-H cMpesnpn.dll

ATTRIB -R-S-H igetcplc.dll

ATTRIB -R-S-H dn4q01h5e.dll

ATTRIB -R-S-H tfbyuv.dll

DEL guard.tmp

DEL aotodisc.dll

DEL mtident.dll

DEL nklanui2.dll

DEL nolanui.dll

DEL rhpsnd.dll

DEL aaphelp.dll

DEL jt0207doe.dll

DELdrcprop2.dll

DEL p88q0il5e8q.dll

DEL vupodbc.dll

DEL dvrpsetu.dll

DEL cMpesnpn.dll

DEL igetcplc.dll

DEL dn4q01h5e.dll

DEL tfbyuv.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz nowego loga L2MFix robionego z opcji 1.


(Karuzel) #7

Dziękuję.Oto mój nowy log:

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]

"Asynchronous"=dword:00000000

"DllName"="C:\WINDOWS\system32\en60l1jm1.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{3B0B6DF9-4ADD-BE16-ABFA-D4B5A9AD99E0}"=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenie powloki dla programu Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{E1606E70-34C6-4C42-BE82-9D5EEB556C8B}"=""

"{F35E7551-7653-4CC0-AF15-2FEF33930878}"=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{E1606E70-34C6-4C42-BE82-9D5EEB556C8B}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E1606E70-34C6-4C42-BE82-9D5EEB556C8B}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{E1606E70-34C6-4C42-BE82-9D5EEB556C8B}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{E1606E70-34C6-4C42-BE82-9D5EEB556C8B}\InprocServer32]

@="C:\windows\system32\fklemgmt.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{F35E7551-7653-4CC0-AF15-2FEF33930878}]

@=""

[HKEY_CLASSES_ROOT\CLSID{F35E7551-7653-4CC0-AF15-2FEF33930878}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{F35E7551-7653-4CC0-AF15-2FEF33930878}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{F35E7551-7653-4CC0-AF15-2FEF33930878}\InprocServer32]

@="C:\windows\system32\uttfs.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

chip.dll Thu 2005-12-01 23:20:18 A.... 34 308 33,50 K

cmdlin~1.dll Sat 2005-12-03 22:44:42 A.... 98 304 96,00 K

en60l1~1.dll Wed 2006-01-25 9:32:06 ..S.R 233 857 228,38 K

fklemgmt.dll Wed 2006-01-25 9:32:02 ..S.R 236 775 231,22 K

hr4m05~1.dll Wed 2006-01-25 10:21:46 ..S.R 236 966 231,41 K

msssc.dll Wed 2005-11-30 22:45:36 A.... 44 0,04 K

nv4_disp.dll Fri 2005-11-11 13:47:00 A.... 3 924 992 3,74 M

nvapi.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvcod.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcodins.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcpl.dll Fri 2005-11-11 13:47:00 A.... 7 311 360 6,97 M

nvhwvid.dll Fri 2005-11-11 13:47:00 A.... 573 440 560,00 K

nview.dll Fri 2005-11-11 13:47:00 A.... 1 466 368 1,40 M

nvmccs.dll Fri 2005-11-11 13:47:00 A.... 229 376 224,00 K

nvmccsrs.dll Fri 2005-11-11 13:47:00 A.... 45 056 44,00 K

nvmctray.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvnt4cpl.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvoglnt.dll Fri 2005-11-11 13:47:00 A.... 5 394 432 5,14 M

nvrsar.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrscs.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsda.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrsde.dll Fri 2005-11-11 13:47:00 A.... 270 336 264,00 K

nvrsel.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrseng.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrses.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsesm.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsfi.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsfr.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvrshe.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrshu.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsit.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsja.dll Fri 2005-11-11 13:47:00 A.... 258 048 252,00 K

nvrsko.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsnl.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsno.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspt.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsptb.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrsru.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrssk.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssv.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrstr.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrszhc.dll Fri 2005-11-11 13:47:00 A.... 217 088 212,00 K

nvrszht.dll Fri 2005-11-11 13:47:00 A.... 118 784 116,00 K

nvshell.dll Fri 2005-11-11 13:47:00 A.... 466 944 456,00 K

nvwddi.dll Fri 2005-11-11 13:47:00 A.... 81 920 80,00 K

nvwdmcpl.dll Fri 2005-11-11 13:47:00 A.... 1 662 976 1,59 M

nvwimg.dll Fri 2005-11-11 13:47:00 A.... 1 019 904 996,00 K

nvwrsar.dll Fri 2005-11-11 13:47:00 A.... 282 624 276,00 K

nvwrscs.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrsda.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrsde.dll Fri 2005-11-11 13:47:00 A.... 311 296 304,00 K

nvwrsel.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrseng.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrses.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrsesm.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrsfi.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrsfr.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrshe.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvwrshu.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrsit.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsja.dll Fri 2005-11-11 13:47:00 A.... 212 992 208,00 K

nvwrsko.dll Fri 2005-11-11 13:47:00 A.... 196 608 192,00 K

nvwrsnl.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsno.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrspl.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrspt.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsptb.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsru.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrssk.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrssl.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrssv.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrstr.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrszhc.dll Fri 2005-11-11 13:47:00 A.... 163 840 160,00 K

nvwrszht.dll Fri 2005-11-11 13:47:00 A.... 167 936 164,00 K

px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

s32evnt1.dll Thu 2005-12-01 12:14:20 A.... 86 091 84,07 K

uttfs.dll Wed 2006-01-25 10:33:12 ..S.R 233 857 228,38 K

vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

wmfhot~1.dll Tue 2006-01-17 10:44:22 A.... 3 584 3,50 K

wrlogo~1.dll Thu 2005-10-27 16:41:02 A.... 492 544 481,00 K

wrlzma.dll Thu 2005-10-27 16:40:58 A.... 17 920 17,50 K

86 items found: 86 files (4 H/S), 0 directories.

Total of file sizes: 40 391 690 bytes 38,52 M

Locate .tmp files:

No matches found.

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji C nie ma etykiety.

Numer seryjny woluminu: 0894-691B

Katalog: C:\windows\System32

2006-01-25 10:33 233˙857 uttfs.dll

2006-01-25 10:21 236˙966 hr4m05h1e.dll

2006-01-25 09:32 233˙857 en60l1jm1.dll

2006-01-25 09:32 236˙775 fklemgmt.dll

2006-01-21 16:36

2005-12-01 22:35

4 plik(˘w) 941˙455 bajt˘w

2 katalog(˘w) 50˙910˙650˙368 bajt˘w wolnych


(Gutek) #8

Zrób tak, zapuść z tego narzędzia L2Mfix opcję 2. Run Fix = opcja automatycznego usuwania VX2, jej wybranie spowoduje uruchomienie procedury czyszczącej oraz prośbę kompa o reset. W trakcie resetu zastartuje plik second.bat, który zabije rundll32.exe + explorer.exe (zniknie wam Pulpit) i dokończy procedurę czyszczącą.

To może trwać DO PIĘCIU MINUT! Na koniec dostaniecie loga co znaleziono i co usunięto.

Po tym daj nowy log nr 1 z L2Mfix , czekam :wink:


(Karuzel) #9

Odpaliłem opcję 2.(ale nie w awaryjnym trybie).Mój nowy log:

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]

"Asynchronous"=dword:00000000

"DllName"="C:\WINDOWS\system32\en60l1jm1.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenie powloki dla programu Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************

HKEY ROOT CLASSIDS:

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

atmtd.dll Wed 2006-01-25 12:19:44 A.... 687 592 671,48 K

chip.dll Thu 2005-12-01 23:20:18 A.... 34 308 33,50 K

cmdlin~1.dll Sat 2005-12-03 22:44:42 A.... 98 304 96,00 K

msssc.dll Wed 2005-11-30 22:45:36 A.... 44 0,04 K

nv4_disp.dll Fri 2005-11-11 13:47:00 A.... 3 924 992 3,74 M

nvapi.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvcod.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcodins.dll Fri 2005-11-11 13:47:00 A.... 35 328 34,50 K

nvcpl.dll Fri 2005-11-11 13:47:00 A.... 7 311 360 6,97 M

nvhwvid.dll Fri 2005-11-11 13:47:00 A.... 573 440 560,00 K

nview.dll Fri 2005-11-11 13:47:00 A.... 1 466 368 1,40 M

nvmccs.dll Fri 2005-11-11 13:47:00 A.... 229 376 224,00 K

nvmccsrs.dll Fri 2005-11-11 13:47:00 A.... 45 056 44,00 K

nvmctray.dll Fri 2005-11-11 13:47:00 A.... 86 016 84,00 K

nvnt4cpl.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvoglnt.dll Fri 2005-11-11 13:47:00 A.... 5 394 432 5,14 M

nvrsar.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrscs.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsda.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrsde.dll Fri 2005-11-11 13:47:00 A.... 270 336 264,00 K

nvrsel.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrseng.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrses.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsesm.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsfi.dll Fri 2005-11-11 13:47:00 A.... 241 664 236,00 K

nvrsfr.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvrshe.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvrshu.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsit.dll Fri 2005-11-11 13:47:00 A.... 274 432 268,00 K

nvrsja.dll Fri 2005-11-11 13:47:00 A.... 258 048 252,00 K

nvrsko.dll Fri 2005-11-11 13:47:00 A.... 253 952 248,00 K

nvrsnl.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsno.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrspt.dll Fri 2005-11-11 13:47:00 A.... 266 240 260,00 K

nvrsptb.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrsru.dll Fri 2005-11-11 13:47:00 A.... 262 144 256,00 K

nvrssk.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssl.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrssv.dll Fri 2005-11-11 13:47:00 A.... 245 760 240,00 K

nvrstr.dll Fri 2005-11-11 13:47:00 A.... 249 856 244,00 K

nvrszhc.dll Fri 2005-11-11 13:47:00 A.... 217 088 212,00 K

nvrszht.dll Fri 2005-11-11 13:47:00 A.... 118 784 116,00 K

nvshell.dll Fri 2005-11-11 13:47:00 A.... 466 944 456,00 K

nvwddi.dll Fri 2005-11-11 13:47:00 A.... 81 920 80,00 K

nvwdmcpl.dll Fri 2005-11-11 13:47:00 A.... 1 662 976 1,59 M

nvwimg.dll Fri 2005-11-11 13:47:00 A.... 1 019 904 996,00 K

nvwrsar.dll Fri 2005-11-11 13:47:00 A.... 282 624 276,00 K

nvwrscs.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrsda.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrsde.dll Fri 2005-11-11 13:47:00 A.... 311 296 304,00 K

nvwrsel.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrseng.dll Fri 2005-11-11 13:47:00 A.... 286 720 280,00 K

nvwrses.dll Fri 2005-11-11 13:47:00 A.... 335 872 328,00 K

nvwrsesm.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrsfi.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrsfr.dll Fri 2005-11-11 13:47:00 A.... 327 680 320,00 K

nvwrshe.dll Fri 2005-11-11 13:47:00 A.... 278 528 272,00 K

nvwrshu.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrsit.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsja.dll Fri 2005-11-11 13:47:00 A.... 212 992 208,00 K

nvwrsko.dll Fri 2005-11-11 13:47:00 A.... 196 608 192,00 K

nvwrsnl.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsno.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrspl.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrspt.dll Fri 2005-11-11 13:47:00 A.... 323 584 316,00 K

nvwrsptb.dll Fri 2005-11-11 13:47:00 A.... 319 488 312,00 K

nvwrsru.dll Fri 2005-11-11 13:47:00 A.... 315 392 308,00 K

nvwrssk.dll Fri 2005-11-11 13:47:00 A.... 299 008 292,00 K

nvwrssl.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrssv.dll Fri 2005-11-11 13:47:00 A.... 294 912 288,00 K

nvwrstr.dll Fri 2005-11-11 13:47:00 A.... 303 104 296,00 K

nvwrszhc.dll Fri 2005-11-11 13:47:00 A.... 163 840 160,00 K

nvwrszht.dll Fri 2005-11-11 13:47:00 A.... 167 936 164,00 K

px.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

pxdrv.dll Mon 2005-12-05 6:12:26 ..... 405 504 396,00 K

pxmas.dll Mon 2005-12-05 6:12:26 ..... 172 032 168,00 K

pxwave.dll Mon 2005-12-05 6:12:26 ..... 339 968 332,00 K

s32evnt1.dll Thu 2005-12-01 12:14:20 A.... 86 091 84,07 K

vxblock.dll Mon 2005-12-05 6:12:26 ..... 28 672 28,00 K

wmfhot~1.dll Tue 2006-01-17 10:44:22 A.... 3 584 3,50 K

wrlogo~1.dll Thu 2005-10-27 16:41:02 A.... 492 544 481,00 K

wrlzma.dll Thu 2005-10-27 16:40:58 A.... 17 920 17,50 K

83 items found: 83 files, 0 directories.

Total of file sizes: 40 137 827 bytes 38,28 M

Locate .tmp files:

No matches found.

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji C nie ma etykiety.

Numer seryjny woluminu: 0894-691B

Katalog: C:\windows\System32

2006-01-21 16:36

2005-12-01 22:35

0 plik(˘w) 0 bajt˘w

2 katalog(˘w) 50˙307˙432˙448 bajt˘w wolnych


(Gutek) #10

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H en60l1jm1.dll

ATTRIB -R-S-H atmtd.dll

DEL en60l1jm1.dll

DEL atmtd.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz mi log z silenta po tym - Silent opis: http://www.searchengines.pl/phpbb203/in ... opic=15989


(Karuzel) #11

Witam ponownie.http://www.searchengines.pl/phpbb203/in ... opic=15989 widocznie tymczasowo nie działa.Udało mi się ściągnąć Silent Runners.Mam nadzieję ,że zrobiłem wszystko poprawnie.Oto mój nowy log(z trybu normalnego).

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\windows\System32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Norton SystemWorks" = ""C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" ["Symantec Corporation"]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" ["OLYMPUS IMAGING CORP."]

"VoipStunt" = ""C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]

"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1045" ["DAEMON'S HOME"]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Emurayden PSX Emulator" = (value not set)

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" ["OLYMPUS IMAGING CORP."]

"Onet.pl AutoUpdate" = "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr" ["Onet.pl"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"CTFMon" = "C:\windows\System32\CTF\ctfmon.exe" [null data]

"BullsEye Network" = "C:\Program Files\BullsEye Network\bin\bargains.exe" [null data]

"NaviSearch" = "C:\Program Files\NaviSearch\bin\nls.exe" ["eXact Advertising"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00022613-0000-0000-C000-000000000046}" = "Karta właściwości pliku multimedialnego"

-> {CLSID}\InProcServer32(Default) = "mmsys.cpl" [null data]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Menedżer aplikacji powłoki"

-> {CLSID}\InProcServer32(Default) = "C:\windows\System32\appwiz.cpl" [null data]

"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Wyliczanie zainstalowanych aplikacji"

-> {CLSID}\InProcServer32(Default) = "C:\windows\System32\appwiz.cpl" [null data]

"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Publikator aplikacji Darwin"

-> {CLSID}\InProcServer32(Default) = "C:\windows\System32\appwiz.cpl" [null data]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies [Description] {enabled Group Policy setting}:


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop"=dword:00000001

[disables Active Desktop; removes Web tab from Display Properties|

Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)]

{User Configuration|Administrative Templates|Desktop|Active Desktop|

Disable Active Desktop}

Active Desktop and Wallpaper:


Active Desktop disabled via Group Policy.

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "mariusz" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Enabled Scheduled Tasks:


"Norton AntiVirus - Scan my computer - mariusz" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]

"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

Miscellaneous IE Hijack Points


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

Missing lines (compared with English-language version):

line

Running Services (Display Name, Service Name, Path {Service DLL}):


Command Service, cmdService, "C:\windows\bWFyaXVzeg\command.exe" [null data]

Kerio Personal Firewall 4, KPF4, "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]

Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]

Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\windows\System32\nvsvc32.exe" ["NVIDIA Corporation"]

SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\System32\UAService7.exe" ["Sony DADC Austria AG."]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 148 seconds, including 8 seconds for message boxes)


(Gutek) #12

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

Po tym, jeśli jeszcze nie zadziała, proszę się upewnić iż jest:

Prawy klik na Pulpit >>> Właściwości >>> Pulpit >>> Dostosuj Pulpit >>> Sieć Web >>> odznaczona opcja Blokuj elementy pulpitu

Proszę otworzyć edytor rejestru Start >>> Uruchom >>> regedit i przejść do klucza HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager Tam kliknąć podwójnie na wartość BootExecute i z okienka usunąć wszystko z wyjątkiem autocheck autochk *.


(Karuzel) #13

:smiley: Jesteś wielki.Pierwszy raz obeszło się bez formatu.Mistrzostwo świata.Dziękuję bardzo. :smiley: :smiley: :smiley: Pozdrawiam.