Wirus, trojan? Coś na pewno

bigkoras · 10 Marzec 2007 16:12

Witam, Kaspersky IS 6 za kazdym uruchomieniem komputera znajduje jakies wirusy, wybieram “zablokuj” i potem “usun” ale po restarcie zaczyna sie wszystko na nowo. W IE7 co jakis czas wyskakuje mi okno z jakas reklama programu “antywirusowego”. Prosze o pomoc! Windows Defender cos znalazl, usunal ale dalej to samo…

Logfile of HijackThis v1.99.1 Scan saved at 16:56:44, on 2007-03-10 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [kis] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\Wcescomm.exe” O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [iE Privacy Keeper] “C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe” -startup O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se9602.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8091528437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8094122421 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ … 586-jc.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

adam9870 · 10 Marzec 2007 16:18

W logu nic szkodliwego nie widać.

Przeskanuj http://www.ewido.net/en/ i wklej log z SilentRunners oraz log numer 1 z narzędzia L2Mfix.

bigkoras · 10 Marzec 2007 16:42

Skanowalem tym ewido, ale to strasznie dlugo trwa i przerwalem. Skanowalem juz chyba z 5 razy kasperskim, defenderem, adaware i spywareblaster i nic nie znalazlo. Tylko kaspersky znajduje usuwa i po restarcie to samo.

Oto logi:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”] “H/PC Connection Agent” = ““C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”” [MS] “MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [MS] “IE Privacy Keeper” = ““C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe” -startup” [“UnH Solutions”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “mRouterConfig for Siemens Data Suite SX1” = “C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe” [“Intuwave Ltd.”] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “kis” = ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {46F1A55F-EE0F-4734-8038-B301C239E18d}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\incqqcnr.dll” [file not found] {48588D90-97D8-4836-8C61-1CB03B3CDF86}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\vtsqn.dll” [null data] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] {AFC37E94-71A5-4E7B-9480-BCA74A5EFE39}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\pmnkkjj.dll” [null data] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\iefdmcks.dll” [null data] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\xmordaby.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW” -> {HKLM…CLSID} = “Ochrona WWW” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1” -> {HKLM…CLSID} = “Siemens SX1” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 ContextMenuHandler” -> {HKLM…CLSID} = “Siemens SX1 ContextMenuHandler” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens SX1 PropertySheetHandler” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device” -> {HKLM…CLSID} = “Urządzenie przenośne” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\Wcesview.dll” [MS] “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders” -> {HKLM…CLSID} = “Moje foldery udostępniania” \InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{AFC37E94-71A5-4E7B-9480-BCA74A5EFE39}” = “*g” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\pmnkkjj.dll” [null data] <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] <> pmnkkjj\DLLName = “pmnkkjj.dll” [null data] <> vtsqn\DLLName = “C:\WINDOWS\system32\vtsqn.dll” [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll” [“Kaspersky Lab”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Ochrona WWW” {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ “ButtonText” = “Create Mobile Favorite” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ “MenuText” = “Utwórz Ulubione dla urządzenia przenośnego…” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Usługa Messenger Sharing Folders USN Journal Reader, usnjsvc, ““C:\Program Files\MSN Messenger\usnsvc.exe”” [MS] Windows Defender, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 126 seconds, including 33 seconds for message boxes)

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=“C:\WINDOWS\system32\klogon.dll” “Logon”=“WLEventStop” “Startup”=“WLEventStart” “Lock”=“WLEventStart” “Unlock”=“WLEventStop” “Logoff”=“WLEventStart” @="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkkjj] “Asynchronous”=dword:00000001 “DllName”=“pmnkkjj.dll” “Impersonate”=dword:00000000 “Logon”=“Logon” “Logoff”=“Logoff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqn] “Asynchronous”=dword:00000001 “DllName”=“C:\WINDOWS\system32\vtsqn.dll” “Impersonate”=dword:00000000 “Startup”=“SysLogon” “Logoff”=“SysLogoff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] “Logon”=“WLEventLogon” “Logoff”=“WLEventLogoff” “Startup”=“WLEventStartup” “Shutdown”=“WLEventShutdown” “StartScreenSaver”=“WLEventStartScreenSaver” “StopScreenSaver”=“WLEventStopScreenSaver” “Lock”=“WLEventLock” “Unlock”=“WLEventUnlock” “StartShell”=“WLEventStartShell” “PostShell”=“WLEventPostShell” “Disconnect”=“WLEventDisconnect” “Reconnect”=“WLEventReconnect” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000000 “SafeMode”=dword:00000001 “MaxWait”=dword:ffffffff “DllName”=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Event”=dword:00000000 “EulaAccepted”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] “Data”=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,db,4b,64,79,99,b5,8e,44,b0,62,aa,08,5a,0f,f1,40,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8f,73,bb,b2,7d,04,95,3a,\ 7d,3c,b0,5b,30,06,2c,d7,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,a4,\ 3a,00,fa,1d,59,63,87,b4,31,07,49,65,ac,54,7f,b0,01,00,00,5c,dc,fc,a8,86,ef,\ fe,90,1c,f5,ce,81,2a,48,8f,ff,10,d2,a4,80,78,e2,69,2c,66,2c,36,23,6f,52,cc,\ fd,4e,7a,81,16,48,cf,4b,2d,81,e3,63,65,3a,7b,8b,2f,b0,a1,7f,71,81,7c,2e,95,\ fb,84,54,a4,cd,26,fc,fb,80,3f,74,1b,f5,1b,3c,56,05,2c,ca,d6,05,b6,ef,97,b1,\ 08,29,d5,c0,d3,b4,e3,8c,6c,be,e8,6d,62,4b,c2,ed,da,f0,39,68,fa,cc,14,4d,ac,\ 81,0d,e4,7b,24,05,44,3d,05,43,59,be,a9,c5,db,18,8f,85,40,a5,5d,07,44,bb,6d,\ 1c,b9,80,c0,cd,26,da,80,21,67,ce,ad,1b,14,5b,b9,6a,2a,09,95,0f,fe,06,71,0c,\ aa,84,35,6d,18,bc,1a,5f,fb,88,cd,d3,5f,63,46,05,4d,fb,7e,bd,f4,3a,f7,73,a5,\ 35,ac,3a,a6,32,d5,b3,43,35,80,6a,69,13,ee,7d,9c,b1,b3,4c,60,5e,b6,fc,8c,75,\ 08,0e,b5,e0,fe,38,dd,4b,23,56,48,8f,c5,f6,54,7a,ec,7e,b7,ed,40,5e,0a,47,24,\ 51,83,b7,b0,2b,b0,30,2a,9c,3d,44,c6,17,44,bd,5d,29,10,6b,f9,0d,eb,64,d4,8a,\ 3f,34,df,74,03,21,5a,cc,a8,cc,14,74,f1,84,58,ac,94,72,03,ba,fb,2e,09,e6,97,\ fa,2f,d0,95,5b,32,fa,48,7a,68,df,6d,40,e1,99,52,ba,44,01,00,e5,54,47,b8,a5,\ 89,f3,f2,cb,87,4b,ca,65,3b,81,44,96,21,7f,8e,64,cb,21,1b,c4,da,7a,c9,ec,19,\ fd,aa,a6,ef,c3,a7,43,d6,92,8b,10,fc,47,75,d4,08,d6,23,50,21,0e,df,32,93,5d,\ 6d,af,6e,4a,75,b8,e4,29,09,7b,89,38,ca,3f,61,49,3f,45,e3,ad,30,1b,4c,2c,78,\ 61,d7,11,98,2d,be,bf,bc,8f,a3,54,05,28,de,94,f5,62,3d,6d,8c,cb,24,24,e0,55,\ 52,2b,cb,41,44,7f,f2,b9,63,69,cf,b3,e5,ec,3f,b5,6b,c2,3c,6d,03,a5,45,71,cb,\ 49,14,00,00,00,70,87,32,27,1e,d9,7c,a1,f8,75,be,d2,e0,02,f3,34,96,a2,fb,ea [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Shell Microsoft AutoComplete” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“IE Search Band” “{3028902F-6374-48b2-8DC6-9725E775B926}”=“IE AutoComplete” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}”=“History Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“History” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“The Internet” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“ActiveX Cache Folder” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Play as Playlist Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}”=“Ochrona WWW” “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}”=“IE Microsoft BrowserBand” “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}”=“IE Fade Task” “{205D7A97-F16D-4691-86EF-F3075DCCA57D}”=“IE Menu Desk Bar” “{43886CD5-6529-41c4-A707-7B3C92C05E68}”=“IE Navigation Bar” “{44C76ECD-F7FA-411c-9929-1B77BA77F524}”=“IE Menu Site” “{4B78D326-D922-44f9-AF2A-07805C2A3560}”=“IE Menu Band” “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}”=“IE Microsoft History AutoComplete List” “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}”=“IE Tracking Shell Menu” “{6CF48EF8-44CD-45d2-8832-A16EA016311B}”=“IE IShellFolderBand” “{73CFD649-CD48-4fd8-A272-2070EA56526B}”=“IE BandProxy” “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}”=“IE MRU AutoComplete List” “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}”=“IE RSS Feeder Folder” “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}”=“IE Microsoft Shell Folder AutoComplete List” “{B31C5FAE-961F-415b-BAF0-E697A5178B94}”=“IE Microsoft Multiple AutoComplete List Container” “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}”=“Microsoft Browser Architecture” “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}”=“IE Shell Rebar BandSite” “{E6EE9AAC-F76B-4947-8260-A9F136138E11}”=“IE Shell Band Site Menu” “{F2CF5485-4E02-4f68-819C-B92DE9277049}”="&Links" “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}”=“IE Registry Tree Options Utility” “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}”=“IE User Assist” “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}”=“IE Custom MRU AutoCompleted List” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{35786D3C-B075-49b9-88DD-029876E11C01}”=“Portable Devices” “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}”=“Portable Devices Menu” “{5E2121EE-0300-11D4-8D3B-444553540000}”=“Catalyst Context Menu extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{00020D75-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Desktop Icon Handler” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}”=“NeroCoverEd Live Icons” “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}”=“TuneUp Shredder Shell Extension” “{44440D00-FF19-4AFC-B765-9A0970567D97}”=“TuneUp Theme Extension” “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1” “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 ContextMenuHandler” “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 PropertySheetHandler” “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}”=“Mobile Device” “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}”=“Messenger Sharing Folders” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ advpack.dll Mon 2007-01-08 19:00:48 A… 124 928 122,00 K ati2cqag.dll Sun 2006-12-17 3:10:58 A… 315 392 308,00 K ati2dvag.dll Sun 2006-12-17 3:50:48 A… 263 168 257,00 K ati2edxx.dll Sun 2006-12-17 3:44:14 A… 42 496 41,50 K ati2evxx.dll Sun 2006-12-17 3:44:04 A… 110 592 108,00 K ati3duag.dll Sun 2006-12-17 3:35:44 A… 2 676 672 2,55 M atiddc.dll Sun 2006-12-17 3:42:04 A… 53 248 52,00 K atidemgr.dll Sun 2006-12-17 3:16:08 A… 303 104 296,00 K atiiiexx.dll Sun 2006-12-17 3:41:46 A… 307 200 300,00 K atikvmag.dll Sun 2006-12-17 3:17:18 A… 241 664 236,00 K atioglx1.dll Sun 2006-12-17 3:23:34 A… 6 684 672 6,38 M atioglxx.dll Sun 2006-12-17 3:21:04 A… 5 304 320 5,06 M atipdlxx.dll Sun 2006-12-17 3:44:40 A… 118 784 116,00 K atitvo32.dll Sun 2006-12-17 3:16:02 A… 17 408 17,00 K ativvaxx.dll Sun 2006-12-17 3:30:44 A… 1 289 472 1,23 M bassmod.dll Sat 2007-02-03 21:27:48 A… 34 308 33,50 K corpol.dll Mon 2007-01-08 19:01:14 A… 17 408 17,00 K cygwin1.dll Thu 2007-03-08 12:52:40 A… 1 126 281 1,07 M cygz.dll Thu 2007-03-08 12:52:40 A… 35 328 34,50 K divx.dll Thu 2007-02-01 5:56:06 A… 639 066 624,09 K dpl100.dll Tue 2007-01-30 5:56:58 A… 73 728 72,00 K dtu100.dll Tue 2007-01-30 5:56:58 A… 196 608 192,00 K extmgr.dll Fri 2007-01-12 9:27:42 A… 132 608 129,50 K ff_vfw.dll Tue 2007-01-09 18:46:02 A… 10 752 10,50 K ieakeng.dll Mon 2007-01-08 19:02:02 A… 153 088 149,50 K ieaksie.dll Mon 2007-01-08 19:02:02 A… 230 400 225,00 K ieakui.dll Mon 2007-01-08 19:02:02 A… 161 792 158,00 K ieapfltr.dll Mon 2007-01-08 19:02:02 … 383 488 374,50 K iedkcs32.dll Mon 2007-01-08 19:02:02 A… 384 000 375,00 K ieframe.dll Fri 2007-01-12 9:27:42 A… 6 054 400 5,77 M iernonce.dll Mon 2007-01-08 19:02:04 A… 44 544 43,50 K iertutil.dll Mon 2007-01-08 19:02:04 A… 266 752 260,50 K jsproxy.dll Fri 2007-01-12 9:27:42 A… 27 136 26,50 K legitc~1.dll Thu 2007-02-15 18:01:04 A… 1 476 992 1,41 M libdivx.dll Tue 2007-01-30 6:03:28 A… 1 044 480 1020,00 K msfeeds.dll Fri 2007-01-12 9:27:42 … 458 752 448,00 K msfeed~1.dll Fri 2007-01-12 9:27:42 … 51 712 50,50 K mshtml.dll Fri 2007-01-12 9:27:42 A… 3 580 416 3,41 M mshtmled.dll Fri 2007-01-12 9:27:42 A… 477 696 466,50 K msrating.dll Mon 2007-01-08 19:03:02 A… 193 024 188,50 K mstime.dll Fri 2007-01-12 9:27:42 A… 670 720 655,00 K occache.dll Mon 2007-01-08 19:04:08 A… 102 400 100,00 K oemdspif.dll Sun 2006-12-17 3:44:28 A… 102 400 100,00 K pmnkkjj.dll Fri 2007-03-09 9:18:00 …SH. 26 685 26,06 K qt-dx331.dll Tue 2007-01-30 6:03:42 A… 3 596 288 3,43 M shell32.dll Tue 2006-12-19 22:51:04 A… 8 482 304 8,09 M shsvcs.dll Tue 2006-12-19 22:51:04 A… 135 168 132,00 K sirenacm.dll Fri 2007-01-19 12:53:04 A… 51 056 49,86 K ssldivx.dll Tue 2007-01-30 6:03:28 A… 200 704 196,00 K ssqro.dll Fri 2007-03-09 9:23:14 …SH. 282 212 275,60 K url.dll Mon 2007-01-08 19:04:54 A… 105 984 103,50 K urlmon.dll Fri 2007-01-12 9:27:42 A… 1 149 952 1,09 M uxtuneup.dll Tue 2006-12-19 16:53:46 A… 24 072 23,51 K vtsqn.dll Fri 2007-03-09 9:23:14 …SH. 282 212 275,60 K webcheck.dll Fri 2007-01-12 9:27:42 A… 232 960 227,50 K wgalogon.dll Thu 2007-02-15 18:00:38 … 236 928 231,38 K wiaservc.dll Tue 2006-12-19 19:18:26 A… 334 336 326,50 K wininet.dll Fri 2007-01-12 9:27:42 A… 822 784 803,50 K wmv9vcm.dll Sat 2007-01-20 21:26:06 A… 1 565 480 1,49 M 59 items found: 59 files (3 H/S), 0 directories. Total of file sizes: 53 512 524 bytes 51,03 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Sat 2007-03-10 15:13:34 A… 143 0,14 K nqstv.tmp Fri 2007-03-09 12:41:02 …SH. 456 834 446,13 K 2 items found: 2 files (1 H/S), 0 directories. Total of file sizes: 456 977 bytes 446,27 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C to XP Numer seryjny woluminu: 9023-FBFE Katalog: C:\WINDOWS\System32 2007-03-10 17:32 460˙566 nqstv.ini2 2007-03-10 15:15 1˙597˙465 tupmipau.ini 2007-03-10 15:15 458˙821 nqstv.bak2 2007-03-10 15:13 1˙597˙463 uvmcglwi.ini 2007-03-10 14:57 1˙597˙583 vbctmhvd.ini 2007-03-09 13:00 458˙122 nqstv.ini 2007-03-09 12:41 456˙834 nqstv.tmp 2007-03-09 09:23 446˙718 nqstv.bak1 2007-03-09 09:23 409 orqss.ini 2007-03-09 09:23 282˙212 vtsqn.dll 2007-03-09 09:23 282˙212 ssqro.dll 2007-03-09 09:17 26˙685 pmnkkjj.dll 2007-03-02 20:12 2007-01-06 14:31 12 plik(˘w) 7˙665˙090 bajt˘w 2 katalog(˘w) 1˙934˙319˙616 bajt˘w wolnych

adam9870 · 10 Marzec 2007 17:13

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz Gmer’a.

W Gmerze w zakładce Procesy wybierz Gmer awaryjny. Komputer uruchomi się ponownie i zostaniesz spytany czy chcesz zabić wszystkie procesy na co oczywiście się zgadzasz. Następnie w zakładce Procesy przez … (trzy kropki) wskaż plik FIX.BAT. Po chwilce mignie ekran i komputer się zrestartuje.

Po resecie otwórz Gmer’a i do zakładki CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{46F1A55F-EE0F-4734-8038-B301C239E18d}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{48588D90-97D8-4836-8C61-1CB03B3CDF86}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AFC37E94-71A5-4E7B-9480-BCA74A5EFE39}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D38439EC-4A7F-42b4-90C2-D810D7778FDD}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{AFC37E94-71A5-4E7B-9480-BCA74A5EFE39}”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkkjj] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqn]

Kliknij z prawej strony Uruchom i reset.

Użyj VundoFix + FixVundo + VirtumundoBeGone. Wszystkie narzędzia należy uruchomić będąc w trybie awaryjnym.

Po wykonaniu wklej nowy log z hijacka, silenta, l2mfix oraz zawartość pliku c:\vundofix.txt

Gutek · 10 Marzec 2007 17:56

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

bigkoras · 11 Marzec 2007 09:13

Zrobilem wszystko tak jak pisales, ale przy tym gmerze wyskakiwaly mi caly czas bledy… W trybie awaryjnym uruchomilem te programy i cos tam mi wykryly i usunely. Narazie jest wszystko OK!

adam9870 · 11 Marzec 2007 09:31

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Usuń wpisy HJT.

Po wykonaniu pokaż nowy log z hjt, SilentRunners + log numer 1 z L2Mfix.

bigkoras · 11 Marzec 2007 10:47

To zrobilem:

Z tego usunalem tylko ten pierwszy wpis bo drugiego nie bylo

Oto nowe logi:

Logfile of HijackThis v1.99.1 Scan saved at 11:39:54, on 2007-03-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\totalcmd\TOTALCMD.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\Wcescomm.exe” O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [iE Privacy Keeper] “C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe” -startup O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se9602.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8091528437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8094122421 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ … 586-jc.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”] “H/PC Connection Agent” = ““C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”” [MS] “MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [MS] “IE Privacy Keeper” = ““C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe” -startup” [“UnH Solutions”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “mRouterConfig for Siemens Data Suite SX1” = “C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe” [“Intuwave Ltd.”] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “AVP” = ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1” -> {HKLM…CLSID} = “Siemens SX1” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 ContextMenuHandler” -> {HKLM…CLSID} = “Siemens SX1 ContextMenuHandler” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens SX1 PropertySheetHandler” \InProcServer32(Default) = “C:\Program Files\Siemens Data Suite SX1\DES\DESShellExt.dll” [“Siemens AG”] “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device” -> {HKLM…CLSID} = “Urządzenie przenośne” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\Wcesview.dll” [MS] “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders” -> {HKLM…CLSID} = “Moje foldery udostępniania” \InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll” [MS] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Statystyki ochrony WWW” -> {HKLM…CLSID} = “Statystyki ochrony WWW” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Statystyki ochrony WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Statystyki ochrony WWW” {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ “ButtonText” = “Create Mobile Favorite” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ “MenuText” = “Utwórz Ulubione dla urządzenia przenośnego…” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared files\RichVideo.exe”” [empty string] Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Usługa Messenger Sharing Folders USN Journal Reader, usnjsvc, ““C:\Program Files\MSN Messenger\usnsvc.exe”” [MS] Windows Defender, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 86 seconds. ---------- (total run time: 137 seconds)

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=“C:\WINDOWS\system32\klogon.dll” “Logon”=“WLEventStop” “Startup”=“WLEventStart” “Lock”=“WLEventStart” “Unlock”=“WLEventStop” “Logoff”=“WLEventStart” @="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] “Logon”=“WLEventLogon” “Logoff”=“WLEventLogoff” “Startup”=“WLEventStartup” “Shutdown”=“WLEventShutdown” “StartScreenSaver”=“WLEventStartScreenSaver” “StopScreenSaver”=“WLEventStopScreenSaver” “Lock”=“WLEventLock” “Unlock”=“WLEventUnlock” “StartShell”=“WLEventStartShell” “PostShell”=“WLEventPostShell” “Disconnect”=“WLEventDisconnect” “Reconnect”=“WLEventReconnect” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000000 “SafeMode”=dword:00000001 “MaxWait”=dword:ffffffff “DllName”=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Event”=dword:00000000 “EulaAccepted”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] “Data”=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,db,4b,64,79,99,b5,8e,44,b0,62,aa,08,5a,0f,f1,40,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,f2,a1,94,b0,cf,41,fe,8b,\ c6,98,de,d5,22,5f,c5,e2,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,01,\ ee,36,2e,5b,c2,bc,de,1b,34,3f,42,74,bb,c6,3c,b0,01,00,00,43,b9,8d,18,a5,56,\ c2,f1,62,49,f4,be,35,79,44,00,10,b8,6a,d2,42,8e,45,bb,7f,bc,da,24,26,87,60,\ 32,c3,c3,81,d9,ad,4c,f8,d6,3b,c7,be,68,f9,c5,d3,cd,55,20,f3,6d,c3,db,38,b1,\ 1e,1b,eb,ef,5d,19,b2,f4,65,95,7f,7a,38,3d,3e,12,37,a8,ad,b2,1c,80,b7,67,bc,\ 0f,bb,53,9d,68,c5,06,fa,57,8b,7e,6a,48,a2,52,e9,64,bc,15,43,7d,b4,60,29,68,\ f1,a2,79,52,29,21,be,17,8b,1b,39,a1,75,b1,5a,47,01,cc,2e,10,3b,6c,0f,3d,3e,\ 2e,bc,10,40,1a,0e,57,41,8c,01,51,6f,ee,28,f7,5f,ec,33,59,89,d8,85,f3,b1,b3,\ 60,6d,92,bc,89,f2,4d,68,ff,66,ca,4d,4d,44,14,ab,53,fa,68,c6,90,ab,5c,3a,f3,\ 9e,37,6c,01,38,53,65,0e,aa,6a,d7,ec,2b,cc,18,d7,5c,1f,86,c3,63,b3,74,e5,d1,\ 1e,eb,a3,f0,5e,0b,7e,1f,b8,9f,76,9c,36,b0,15,f4,a5,f9,3b,ac,0a,85,a7,c0,b0,\ 57,b9,9b,1f,06,a4,fe,31,d0,a7,d1,c5,ec,28,17,ca,e9,4d,f1,ef,64,58,e6,01,78,\ ad,7f,33,50,ad,f9,32,62,d2,05,de,ec,8e,96,35,ce,97,54,08,dd,80,91,cf,7e,21,\ 9a,0d,15,9e,bc,df,8f,f4,a1,68,af,8a,9d,14,f5,51,f6,be,18,6c,be,b3,89,13,f0,\ c9,cd,04,5d,7e,d1,ca,4d,c5,be,e2,6e,1f,28,f6,0c,cd,ae,ab,76,5e,40,c5,bf,79,\ ea,8c,11,a4,4a,9c,d4,a6,7b,7e,f4,b5,a2,c7,0a,f3,b9,4b,b9,8e,1a,38,f6,63,67,\ 0c,25,ac,18,f6,ba,45,54,37,cb,6e,a4,83,34,d1,df,1a,50,f7,55,2a,61,f8,f0,fe,\ 69,58,0e,48,27,2b,ee,ad,a5,51,89,e2,ad,ac,f4,c7,b0,ba,96,7f,3c,1e,91,04,88,\ 91,73,07,bd,47,50,24,2c,f3,ce,78,6b,19,b9,bd,f6,ec,79,a4,39,c5,34,ed,ad,e7,\ 64,14,00,00,00,1f,55,f7,59,af,93,09,d7,c5,a2,81,e7,af,c3,fe,b1,aa,8e,63,02 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Shell Microsoft AutoComplete” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“IE Search Band” “{3028902F-6374-48b2-8DC6-9725E775B926}”=“IE AutoComplete” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}”=“History Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“History” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“The Internet” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“ActiveX Cache Folder” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Play as Playlist Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}”=“IE Microsoft BrowserBand” “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}”=“IE Fade Task” “{205D7A97-F16D-4691-86EF-F3075DCCA57D}”=“IE Menu Desk Bar” “{43886CD5-6529-41c4-A707-7B3C92C05E68}”=“IE Navigation Bar” “{44C76ECD-F7FA-411c-9929-1B77BA77F524}”=“IE Menu Site” “{4B78D326-D922-44f9-AF2A-07805C2A3560}”=“IE Menu Band” “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}”=“IE Microsoft History AutoComplete List” “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}”=“IE Tracking Shell Menu” “{6CF48EF8-44CD-45d2-8832-A16EA016311B}”=“IE IShellFolderBand” “{73CFD649-CD48-4fd8-A272-2070EA56526B}”=“IE BandProxy” “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}”=“IE MRU AutoComplete List” “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}”=“IE RSS Feeder Folder” “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}”=“IE Microsoft Shell Folder AutoComplete List” “{B31C5FAE-961F-415b-BAF0-E697A5178B94}”=“IE Microsoft Multiple AutoComplete List Container” “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}”=“Microsoft Browser Architecture” “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}”=“IE Shell Rebar BandSite” “{E6EE9AAC-F76B-4947-8260-A9F136138E11}”=“IE Shell Band Site Menu” “{F2CF5485-4E02-4f68-819C-B92DE9277049}”="&Links" “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}”=“IE Registry Tree Options Utility” “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}”=“IE User Assist” “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}”=“IE Custom MRU AutoCompleted List” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{35786D3C-B075-49b9-88DD-029876E11C01}”=“Portable Devices” “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}”=“Portable Devices Menu” “{5E2121EE-0300-11D4-8D3B-444553540000}”=“Catalyst Context Menu extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{00020D75-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Desktop Icon Handler” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}”=“NeroCoverEd Live Icons” “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}”=“TuneUp Shredder Shell Extension” “{44440D00-FF19-4AFC-B765-9A0970567D97}”=“TuneUp Theme Extension” “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1” “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 ContextMenuHandler” “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 PropertySheetHandler” “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}”=“Mobile Device” “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}”=“Messenger Sharing Folders” “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}”=“Statystyki ochrony WWW” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ advpack.dll Mon 2007-01-08 19:00:48 A… 124 928 122,00 K ati2cqag.dll Sun 2006-12-17 3:10:58 A… 315 392 308,00 K ati2dvag.dll Sun 2006-12-17 3:50:48 A… 263 168 257,00 K ati2edxx.dll Sun 2006-12-17 3:44:14 A… 42 496 41,50 K ati2evxx.dll Sun 2006-12-17 3:44:04 A… 110 592 108,00 K ati3duag.dll Sun 2006-12-17 3:35:44 A… 2 676 672 2,55 M atiddc.dll Sun 2006-12-17 3:42:04 A… 53 248 52,00 K atidemgr.dll Sun 2006-12-17 3:16:08 A… 303 104 296,00 K atiiiexx.dll Sun 2006-12-17 3:41:46 A… 307 200 300,00 K atikvmag.dll Sun 2006-12-17 3:17:18 A… 241 664 236,00 K atioglx1.dll Sun 2006-12-17 3:23:34 A… 6 684 672 6,38 M atioglxx.dll Sun 2006-12-17 3:21:04 A… 5 304 320 5,06 M atipdlxx.dll Sun 2006-12-17 3:44:40 A… 118 784 116,00 K atitvo32.dll Sun 2006-12-17 3:16:02 A… 17 408 17,00 K ativvaxx.dll Sun 2006-12-17 3:30:44 A… 1 289 472 1,23 M bassmod.dll Sat 2007-02-03 21:27:48 A… 34 308 33,50 K corpol.dll Mon 2007-01-08 19:01:14 A… 17 408 17,00 K cygwin1.dll Thu 2007-03-08 12:52:40 A… 1 126 281 1,07 M cygz.dll Thu 2007-03-08 12:52:40 A… 35 328 34,50 K extmgr.dll Fri 2007-01-12 9:27:42 A… 132 608 129,50 K ieakeng.dll Mon 2007-01-08 19:02:02 A… 153 088 149,50 K ieaksie.dll Mon 2007-01-08 19:02:02 A… 230 400 225,00 K ieakui.dll Mon 2007-01-08 19:02:02 A… 161 792 158,00 K ieapfltr.dll Mon 2007-01-08 19:02:02 … 383 488 374,50 K iedkcs32.dll Mon 2007-01-08 19:02:02 A… 384 000 375,00 K ieframe.dll Fri 2007-01-12 9:27:42 A… 6 054 400 5,77 M iernonce.dll Mon 2007-01-08 19:02:04 A… 44 544 43,50 K iertutil.dll Mon 2007-01-08 19:02:04 A… 266 752 260,50 K jsproxy.dll Fri 2007-01-12 9:27:42 A… 27 136 26,50 K klogon.dll Mon 2007-01-29 23:04:00 A… 200 768 196,06 K legitc~1.dll Thu 2007-02-15 18:01:04 A… 1 476 992 1,41 M msfeeds.dll Fri 2007-01-12 9:27:42 … 458 752 448,00 K msfeed~1.dll Fri 2007-01-12 9:27:42 … 51 712 50,50 K mshtml.dll Fri 2007-01-12 9:27:42 A… 3 580 416 3,41 M mshtmled.dll Fri 2007-01-12 9:27:42 A… 477 696 466,50 K msrating.dll Mon 2007-01-08 19:03:02 A… 193 024 188,50 K mstime.dll Fri 2007-01-12 9:27:42 A… 670 720 655,00 K msvcp71.dll Sun 2007-03-11 9:49:10 A… 505 392 493,55 K occache.dll Mon 2007-01-08 19:04:08 A… 102 400 100,00 K oemdspif.dll Sun 2006-12-17 3:44:28 A… 102 400 100,00 K shell32.dll Tue 2006-12-19 22:51:04 A… 8 482 304 8,09 M shsvcs.dll Tue 2006-12-19 22:51:04 A… 135 168 132,00 K sirenacm.dll Fri 2007-01-19 12:53:04 A… 51 056 49,86 K ssqro.dll Fri 2007-03-09 9:23:14 …SH. 282 212 275,60 K url.dll Mon 2007-01-08 19:04:54 A… 105 984 103,50 K urlmon.dll Fri 2007-01-12 9:27:42 A… 1 149 952 1,09 M uxtuneup.dll Tue 2006-12-19 16:53:46 A… 24 072 23,51 K webcheck.dll Fri 2007-01-12 9:27:42 A… 232 960 227,50 K wgalogon.dll Thu 2007-02-15 18:00:38 … 236 928 231,38 K wiaservc.dll Tue 2006-12-19 19:18:26 A… 334 336 326,50 K wininet.dll Fri 2007-01-12 9:27:42 A… 822 784 803,50 K 51 items found: 51 files (1 H/S), 0 directories. Total of file sizes: 46 582 681 bytes 44,42 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Sat 2007-03-10 15:13:34 A… 143 0,14 K 1 item found: 1 file, 0 directories. Total of file sizes: 143 bytes 0,14 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C to XP Numer seryjny woluminu: 9023-FBFE Katalog: C:\WINDOWS\System32 2007-03-10 18:31 296 deufdmfs.ini 2007-03-10 15:15 1˙597˙465 tupmipau.ini 2007-03-10 15:13 1˙597˙463 uvmcglwi.ini 2007-03-10 14:57 1˙597˙583 vbctmhvd.ini 2007-03-09 09:23 409 orqss.ini 2007-03-09 09:23 282˙212 vtsqn.dll.vir 2007-03-09 09:23 282˙212 ssqro.dll 2007-03-09 09:17 26˙685 pmnkkjj.dll.vir 2007-03-02 20:12 2007-01-06 14:31 8 plik(˘w) 5˙384˙325 bajt˘w 2 katalog(˘w) 1˙670˙262˙784 bajt˘w wolnych

adam9870 · 11 Marzec 2007 11:10

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\SYSTEM32\ssqro.dll

C:\WINDOWS\SYSTEM32\mcrh.tmp

C:\WINDOWS\System32\deufdmfs.ini

C:\WINDOWS\System32\tupmipau.ini

C:\WINDOWS\System32\uvmcglwi.ini

C:\WINDOWS\System32\vbctmhvd.ini

C:\WINDOWS\System32\orqss.ini

C:\WINDOWS\System32\vtsqn.dll.vir

C:\WINDOWS\System32\pmnkkjj.dll.vir

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Po wykonaniu wklej nowy log z l2mfix.

bigkoras · 11 Marzec 2007 11:48

Wykonalem to co napisales.

Oto log:

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=“C:\WINDOWS\system32\klogon.dll” “Logon”=“WLEventStop” “Startup”=“WLEventStart” “Lock”=“WLEventStart” “Unlock”=“WLEventStop” “Logoff”=“WLEventStart” @="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] “Logon”=“WLEventLogon” “Logoff”=“WLEventLogoff” “Startup”=“WLEventStartup” “Shutdown”=“WLEventShutdown” “StartScreenSaver”=“WLEventStartScreenSaver” “StopScreenSaver”=“WLEventStopScreenSaver” “Lock”=“WLEventLock” “Unlock”=“WLEventUnlock” “StartShell”=“WLEventStartShell” “PostShell”=“WLEventPostShell” “Disconnect”=“WLEventDisconnect” “Reconnect”=“WLEventReconnect” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000000 “SafeMode”=dword:00000001 “MaxWait”=dword:ffffffff “DllName”=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Event”=dword:00000000 “EulaAccepted”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] “Data”=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,db,4b,64,79,99,b5,8e,44,b0,62,aa,08,5a,0f,f1,40,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,60,e0,9d,c1,e7,7c,0b,19,\ c2,2c,60,95,84,61,d0,bc,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,75,\ 1c,65,03,e4,0b,ee,fc,d8,14,11,82,ac,fd,41,ac,b0,01,00,00,d5,23,4c,ea,cc,cb,\ 61,7b,07,ac,52,82,79,c4,f2,71,57,b3,08,f0,61,6e,88,9b,fb,03,55,4d,6e,a8,25,\ fb,87,cc,e8,81,e8,e0,f1,5f,77,b6,ea,c7,8a,6f,84,32,45,97,26,31,4e,1f,33,d9,\ b1,86,dc,49,1c,23,cb,3a,26,b2,e8,2e,37,63,e8,61,18,4a,16,af,9c,63,42,00,29,\ 8f,70,06,30,4a,7f,f9,a9,63,e7,ce,ed,94,5c,5f,12,52,37,9d,26,b7,56,ea,b1,a4,\ 58,c2,e1,c4,06,83,81,d7,17,e0,bc,2b,1d,10,45,a5,0e,90,0f,06,fd,4b,76,01,60,\ 44,25,07,3d,13,e8,b1,ab,c8,f3,b5,a2,d0,fe,b6,ff,ea,38,53,75,12,89,f4,c3,50,\ 16,f4,25,76,d0,7e,f1,2a,a3,29,b6,64,9a,30,00,b9,fa,d4,8c,da,77,61,9f,09,28,\ 2b,e8,7f,cb,51,7e,21,3d,2d,f2,8a,d2,c2,38,14,93,3a,e4,e0,c2,2d,d1,92,3f,8b,\ 72,ac,88,d1,c8,ba,14,ee,9b,7c,05,29,1e,15,b5,51,fd,db,57,90,01,19,5c,09,d4,\ e5,fb,d4,68,14,6a,34,36,15,34,fb,e2,34,a3,a3,af,46,0d,c2,77,93,78,1d,05,4b,\ 0d,31,02,33,2d,9d,13,06,9e,3e,88,4f,a5,4c,c7,0a,26,ab,ae,20,2f,de,41,36,12,\ 43,c7,0d,95,86,0d,d5,a3,2b,e7,88,be,66,cb,f6,85,97,ff,0c,d4,25,ce,45,4e,c8,\ 4f,02,16,30,2e,38,fa,32,32,18,db,42,eb,ae,9e,8e,8f,af,ac,8c,46,22,6c,36,6a,\ bd,4f,50,88,c7,79,f6,b6,0b,80,ff,18,af,aa,a2,ed,24,45,c0,5a,5c,23,ee,ca,e4,\ ee,d6,e3,ee,74,91,e5,92,60,72,7e,21,61,db,bf,7f,01,b3,83,89,da,2d,83,bf,fc,\ cc,17,52,d0,92,d2,42,2e,6b,40,9f,49,e4,dc,8f,7b,cd,8e,e6,44,58,46,20,02,fe,\ ee,17,4c,3d,d5,aa,ba,82,3a,13,52,0f,ff,d4,a8,e7,49,ae,c2,30,32,dc,e7,86,4b,\ f9,14,00,00,00,9e,b8,e6,43,64,d8,48,25,96,27,df,ff,ce,4a,1e,37,d8,c9,5a,32 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Shell Microsoft AutoComplete” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“IE Search Band” “{3028902F-6374-48b2-8DC6-9725E775B926}”=“IE AutoComplete” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}”=“History Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“History” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“The Internet” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“ActiveX Cache Folder” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Play as Playlist Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}”=“IE Microsoft BrowserBand” “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}”=“IE Fade Task” “{205D7A97-F16D-4691-86EF-F3075DCCA57D}”=“IE Menu Desk Bar” “{43886CD5-6529-41c4-A707-7B3C92C05E68}”=“IE Navigation Bar” “{44C76ECD-F7FA-411c-9929-1B77BA77F524}”=“IE Menu Site” “{4B78D326-D922-44f9-AF2A-07805C2A3560}”=“IE Menu Band” “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}”=“IE Microsoft History AutoComplete List” “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}”=“IE Tracking Shell Menu” “{6CF48EF8-44CD-45d2-8832-A16EA016311B}”=“IE IShellFolderBand” “{73CFD649-CD48-4fd8-A272-2070EA56526B}”=“IE BandProxy” “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}”=“IE MRU AutoComplete List” “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}”=“IE RSS Feeder Folder” “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}”=“IE Microsoft Shell Folder AutoComplete List” “{B31C5FAE-961F-415b-BAF0-E697A5178B94}”=“IE Microsoft Multiple AutoComplete List Container” “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}”=“Microsoft Browser Architecture” “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}”=“IE Shell Rebar BandSite” “{E6EE9AAC-F76B-4947-8260-A9F136138E11}”=“IE Shell Band Site Menu” “{F2CF5485-4E02-4f68-819C-B92DE9277049}”="&Links" “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}”=“IE Registry Tree Options Utility” “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}”=“IE User Assist” “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}”=“IE Custom MRU AutoCompleted List” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{35786D3C-B075-49b9-88DD-029876E11C01}”=“Portable Devices” “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}”=“Portable Devices Menu” “{5E2121EE-0300-11D4-8D3B-444553540000}”=“Catalyst Context Menu extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{00020D75-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Desktop Icon Handler” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Office Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}”=“NeroCoverEd Live Icons” “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}”=“TuneUp Shredder Shell Extension” “{44440D00-FF19-4AFC-B765-9A0970567D97}”=“TuneUp Theme Extension” “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1” “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 ContextMenuHandler” “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}”=“Siemens SX1 PropertySheetHandler” “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}”=“Mobile Device” “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}”=“Messenger Sharing Folders” “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}”=“Statystyki ochrony WWW” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ advpack.dll Mon 2007-01-08 19:00:48 A… 124 928 122,00 K ati2cqag.dll Sun 2006-12-17 3:10:58 A… 315 392 308,00 K ati2dvag.dll Sun 2006-12-17 3:50:48 A… 263 168 257,00 K ati2edxx.dll Sun 2006-12-17 3:44:14 A… 42 496 41,50 K ati2evxx.dll Sun 2006-12-17 3:44:04 A… 110 592 108,00 K ati3duag.dll Sun 2006-12-17 3:35:44 A… 2 676 672 2,55 M atiddc.dll Sun 2006-12-17 3:42:04 A… 53 248 52,00 K atidemgr.dll Sun 2006-12-17 3:16:08 A… 303 104 296,00 K atiiiexx.dll Sun 2006-12-17 3:41:46 A… 307 200 300,00 K atikvmag.dll Sun 2006-12-17 3:17:18 A… 241 664 236,00 K atioglx1.dll Sun 2006-12-17 3:23:34 A… 6 684 672 6,38 M atioglxx.dll Sun 2006-12-17 3:21:04 A… 5 304 320 5,06 M atipdlxx.dll Sun 2006-12-17 3:44:40 A… 118 784 116,00 K atitvo32.dll Sun 2006-12-17 3:16:02 A… 17 408 17,00 K ativvaxx.dll Sun 2006-12-17 3:30:44 A… 1 289 472 1,23 M bassmod.dll Sat 2007-02-03 21:27:48 A… 34 308 33,50 K corpol.dll Mon 2007-01-08 19:01:14 A… 17 408 17,00 K cygwin1.dll Thu 2007-03-08 12:52:40 A… 1 126 281 1,07 M cygz.dll Thu 2007-03-08 12:52:40 A… 35 328 34,50 K divx.dll Thu 2007-02-01 5:56:06 A… 639 066 624,09 K dpl100.dll Tue 2007-01-30 5:56:58 A… 73 728 72,00 K dtu100.dll Tue 2007-01-30 5:56:58 A… 196 608 192,00 K extmgr.dll Fri 2007-01-12 9:27:42 A… 132 608 129,50 K ff_vfw.dll Wed 2007-02-21 21:00:28 A… 10 752 10,50 K ieakeng.dll Mon 2007-01-08 19:02:02 A… 153 088 149,50 K ieaksie.dll Mon 2007-01-08 19:02:02 A… 230 400 225,00 K ieakui.dll Mon 2007-01-08 19:02:02 A… 161 792 158,00 K ieapfltr.dll Mon 2007-01-08 19:02:02 … 383 488 374,50 K iedkcs32.dll Mon 2007-01-08 19:02:02 A… 384 000 375,00 K ieframe.dll Fri 2007-01-12 9:27:42 A… 6 054 400 5,77 M iernonce.dll Mon 2007-01-08 19:02:04 A… 44 544 43,50 K iertutil.dll Mon 2007-01-08 19:02:04 A… 266 752 260,50 K jsproxy.dll Fri 2007-01-12 9:27:42 A… 27 136 26,50 K klogon.dll Mon 2007-01-29 23:04:00 A… 200 768 196,06 K legitc~1.dll Thu 2007-02-15 18:01:04 A… 1 476 992 1,41 M libdivx.dll Tue 2007-01-30 6:03:28 A… 1 044 480 1020,00 K msfeeds.dll Fri 2007-01-12 9:27:42 … 458 752 448,00 K msfeed~1.dll Fri 2007-01-12 9:27:42 … 51 712 50,50 K mshtml.dll Fri 2007-01-12 9:27:42 A… 3 580 416 3,41 M mshtmled.dll Fri 2007-01-12 9:27:42 A… 477 696 466,50 K msrating.dll Mon 2007-01-08 19:03:02 A… 193 024 188,50 K mstime.dll Fri 2007-01-12 9:27:42 A… 670 720 655,00 K msvcp71.dll Sun 2007-03-11 9:49:10 A… 505 392 493,55 K occache.dll Mon 2007-01-08 19:04:08 A… 102 400 100,00 K oemdspif.dll Sun 2006-12-17 3:44:28 A… 102 400 100,00 K qt-dx331.dll Tue 2007-01-30 6:03:42 A… 3 596 288 3,43 M shell32.dll Tue 2006-12-19 22:51:04 A… 8 482 304 8,09 M shsvcs.dll Tue 2006-12-19 22:51:04 A… 135 168 132,00 K sirenacm.dll Fri 2007-01-19 12:53:04 A… 51 056 49,86 K ssldivx.dll Tue 2007-01-30 6:03:28 A… 200 704 196,00 K url.dll Mon 2007-01-08 19:04:54 A… 105 984 103,50 K urlmon.dll Fri 2007-01-12 9:27:42 A… 1 149 952 1,09 M uxtuneup.dll Tue 2006-12-19 16:53:46 A… 24 072 23,51 K webcheck.dll Fri 2007-01-12 9:27:42 A… 232 960 227,50 K wgalogon.dll Thu 2007-02-15 18:00:38 … 236 928 231,38 K wiaservc.dll Tue 2006-12-19 19:18:26 A… 334 336 326,50 K wininet.dll Fri 2007-01-12 9:27:42 A… 822 784 803,50 K wmv9vcm.dll Sat 2007-01-20 21:26:06 A… 1 565 480 1,49 M 58 items found: 58 files, 0 directories. Total of file sizes: 53 627 575 bytes 51,14 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C to XP Numer seryjny woluminu: 9023-FBFE Katalog: C:\WINDOWS\System32 2007-03-02 20:12 2007-01-06 14:31 0 plik(˘w) 0 bajt˘w 2 katalog(˘w) 1˙631˙109˙120 bajt˘w wolnych

adam9870 · 11 Marzec 2007 12:04

Log czysty.

Czy masz jeszcze jakieś problemy?

bigkoras · 11 Marzec 2007 12:08

Juz wszystko super dziala!

NAPRAWDE DZIEKUJE!