Log z Silent Runners i L2MFIX błąd iexplore
Zamieszczam dwa Logi:
L2MFIX
L2MFIX find log 121205
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C21058BB–10B3–0E91–FA79–B4361BCFB55C}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613–0000–0000–C000–000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597–26d3–11d1–b350–080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40–9550–11CE–99D2–00AA006E086C}"="Strona zabezpiecze NTFS"
"{3EA48300–8CF6–101B–84FB–666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20–7c17–11ce–a804–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{41E300E0–78B6–11ce–849B–444553540000}"="PlusPack CPL Extension"
"{42071712–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770–369C–11d0–8922–00A024AB2DBB}"="Strona zabezpiecze usˆugi DS"
"{513D916F–2A8E–4F51–AEAB–0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100–C0CD–101B–81E2–00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400–57FF–11CE–BD94–0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990–f85c–11ce–aff7–00aa003ca9f6}"="Rozszerzenia powˆoki dla obiektw Microsoft Windows Network"
"{5DB2625A–54DF–11D0–B6C4–0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E–4C4D–11D0–B6C1–0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1–F219–11ce–972D–00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plikw"
"{77597368–7b15–11d0–a0c2–080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573–EC89–11cf–9C00–00AA00A14F56}"="Disk Quota UI"
"{853FE2B1–B769–11d0–9C4E–00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920–42A0–1069–A2E4–08002B30309D}"="Aktwka"
"{88895560–9AA2–1069–930E–00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380–8CA2–1069–AB1D–08000948F534}"="Fonts"
"{DBCE2480–C732–101B–BE72–BA78E9AD5B27}"="Profil ICC"
"{F37C5810–4D3F–11d0–B4BF–00AA00BBB723}"="Strona zabezpiecze drukarek"
"{f81e9010–6ea4–11ce–a7ff–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{f92e8c40–3d33–11d2–b1aa–080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7–3202–11D1–AAD2–00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0–F557–101A–88EC–00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736–43FD–11D1–9EFB–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A–6C50–11D1–9F1D–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa–acd6–11d2–8080–00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603–1008–4f6e–A73A–04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3–b28a–4919–a5aa–73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790–D56E–4445–850E–4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514–6C5E–4d60–8F16–D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5–953B–11CF–8C96–00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skryptw systemu Windows"
"{2206CDB2–19C1–11D1–89E0–00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0–9EEF–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90–9EDD–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990–4C6A–11CF–8D87–00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA–FF21–4412–828E–260A8728E7F1}"="Pasek zada i menu Start"
"{2559a1f0–21d7–11d4–bdaf–00c04f60b9f0}"="Wyszukaj"
"{2559a1f1–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3–21d7–11d4–bdaf–00c04f60b9f0}"="Uruchom..."
"{2559a1f4–21d7–11d4–bdaf–00c04f60b9f0}"="Internet"
"{2559a1f5–21d7–11d4–bdaf–00c04f60b9f0}"="E–mail"
"{D20EA4E1–3957–11d2–A40B–0C5020524152}"="Czcionki"
"{D20EA4E1–3957–11d2–A40B–0C5020524153}"="Narzdzia administracyjne"
"{875CB1A1–0F29–45de–A1AE–CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757–D6E4–4b49–BB41–0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D–D390–480b–92FD–7DDB47101D71}"="Wav Properties Handler"
"{87D62D94–71B3–4b9a–9489–5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45–6E44–43f9–8644–08598F5A74D9}"="Midi Properties Handler"
"{c5a40261–cd64–4ccf–84cb–c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780–7743–11CF–A12B–00AA004AE837}"="Pasek narzdzi programu Microsoft Internet"
"{22BF0C20–6DA7–11D0–B373–00A0C9034938}"="Stan pobierania"
"{91EA3F8B–C99B–11d0–9815–00C04FD91972}"="Folder powˆoki zwikszonej"
"{6413BA2C–B461–11d1–A18A–080036B11A03}"="Folder powˆoki zwikszonej 2"
"{F61FFEC1–754F–11d0–80CA–00AA005B4383}"="BandProxy"
"{7BA4C742–9E81–11CF–99D3–00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401–6A81–11d0–8274–00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183–48a0–441b–a342–7c2a440a9478}"="Pasek multimediw"
"{169A0691–8DF9–11d1–A1C4–00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131–AF23–11d1–9111–00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510–F982–11d0–8595–00AA004CD6D8}"="Narzdzie opcji drzewa rejestru"
"{01E04581–4EEE–11d0–BFE9–00AA005B4383}"="&Adres"
"{A08C11D2–A228–11d0–825B–00AA005B4383}"="Pole edycji adresu"
"{00BB2763–6A77–11D0–A535–00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660–C583–11d0–A3A5–00C04FD706EC}"="Wyodrbnianie obrazw Trident"
"{6756A641–DE71–11d0–831B–00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93–21E8–4ccc–BEB9–9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215–fa25–46bd–a339–34a2790f3cb7}"="Dostpny"
"{acf35015–526e–4230–9596–becbe19f0ac9}"="Pasek podrczny ˜ledzenia"
"{E0E11A09–5CB8–4B6C–8332–E00720A168F2}"="Analizator paska adresu"
"{00BB2764–6A77–11D0–A535–00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1–A186–11D0–824A–00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765–6A77–11D0–A535–00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E–521C–11D0–B792–00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41–5C85–11d0–9796–00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C–521C–11D0–B792–00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D–521C–11D0–B792–00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04–FEFF–11d1–8ECD–0000F87A470C}"="Pomoc dla uytkownika"
"{EF8AD2D1–AE36–11D1–B2D2–006097DF8C11}"="Globalne ustawienia folderw"
"{EFA24E61–B078–11d0–89E4–00C04FC9E26E}"="Favorites Band"
"{0A89A860–D7B1–11CE–8350–444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40–E76A–11CE–A9BB–00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A–8849–11D1–9D8C–00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40–E3F0–101B–8488–00AA003E56F8}"="InternetShortcut"
"{3C374A40–BAE4–11CF–BF7D–00AA006946EE}"="Microsoft Url History Service"
"{FF393560–C2A7–11CF–BFF4–444553540000}"="Historia"
"{7BD29E00–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00–17A6–11D0–99CB–00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40–CC59–11d0–A3A5–00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0–CCEF–11d0–8024–00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951–7F78–11D0–A979–00C04FD705A2}"="ISFBand OC"
"{9461b922–3c5a–11d2–bf8b–00c04fb93661}"="Search Assistant OC"
"{3DC7A020–0ACD–11CF–A9BB–00AA004AE837}"="Internet"
"{871C5380–42A0–1069–A2EA–08002B30309D}"="Internet Name Space"
"{EFA24E64–B078–11d0–89E4–00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{9E56BE61–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{88C6C381–2E85–11D0–94DE–444553540000}"="Folder pamici podrcznej ActiveX"
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"="WebCheck"
"{ABBE31D0–6DAE–11D0–BECA–00C04FD940BE}"="Subscription Mgr"
"{F5175861–2688–11d0–9C5E–00AA00A45957}"="Folder subskrypcji"
"{08165EA0–E946–11CF–9C87–00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6–ABCE–11d0–BC4B–00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0–6B4E–11d0–92DB–00A0C90C2BD7}"="TrayAgent"
"{7D559C10–9FE9–11d0–93F7–00AA0059CE02}"="Code Download Agent"
"{E6CC6978–6B6E–11D0–BECA–00C04FD940BE}"="ConnectionAgent"
"{D8BD2030–6FC9–11D0–864F–00AA006809D9}"="PostAgent"
"{7FC0B86E–5FA7–11d1–BC7C–00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7–8B9A–11D1–B8AE–006008059382}"="Meneder aplikacji powˆoki"
"{0B124F8F–91F0–11D1–B8B5–006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0–A282–11D1–9082–006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c–1d6a–45f6–b725–cb260c236066}"="Shell Image Verbs"
"{66e4e4fb–f385–4dd0–8d74–a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968–480A–4C6C–862D–EFC0897BB84B}"="GDI+program wyodrbniajĄcy miniatury plikw"
"{9DBD2C50–62AD–11d0–B806–00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0–9550–11cf–8C16–00805F1408F3}"="Wyodrbnianie miniatur HTML"
"{eb9b1153–3b57–4e68–959a–a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB–43F6–46c5–9619–51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8–751a–4579–a266–d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c–76a5–4b6c–bf21–45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272–9240–4f51–b6d4–fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD–5403–11d2–8785–2E0420524153}"="Konta uytkownikw"
"{BD472F60–27FA–11cf–B8B4–444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60–FC0A–11CF–8F0F–00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0–2e98–11cf–8d82–444553540000}"="FTP Folders Webview"
"{883373C3–BF89–11D1–BE35–080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE–901A–4739–A481–E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210–FD1F–4B19–91DA–67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC–4362–4A12–850B–86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57–2567–4A2C–B881–F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC–BBB3–4D9B–B177–82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E–31C2–11d0–891C–00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0–6E0F–11d2–9601–00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20–2ABC–11d0–88F0–00A024AB2DBB}"="Directory Object Find"
"{F020E586–5264–11d1–A532–0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530–764B–11d0–A1CA–00AA00C16E65}"="Directory Property UI"
"{62AE1F9A–126A–11D0–A14B–0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33–103D–11d2–854D–006008059367}"="MyDocs Copy Hook"
"{ECF03A32–103D–11d2–854D–006008059367}"="MyDocs Drop Target"
"{4a7ded0a–ad25–11d0–98a8–0800361b1103}"="MyDocs Properties"
"{750fdf0e–2a26–11d1–a3ea–080036587f03}"="Offline Files Menu"
"{10CFC467–4392–11d2–8DB4–00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70–2A4C–11d2–9039–00C04F8EEB3E}"="Folder plikw trybu offline"
"{143A62C8–C33B–11D1–84FE–00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543–45CC–11CE–B9BF–0080C87CDBA6}"="DfsShell"
"{60fd46de–f830–4894–a628–6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8–8005–11D2–BCF8–00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0–9F37–11CE–AE65–08002B2E1262}"=".CAB file viewer"
"{32714800–2E5F–11d0–8B85–00AA0044F941}"="&Do osb..."
"{8DD448E6–C188–4aed–AF92–44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1–02AE–4a5f–A6E9–D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F–E9DC–4e68–9D7E–42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}"="WinRAR shell extension"
"{32020A01–506E–484D–A2A8–BE3CF17601C3}"="AlcoholShellEx"
"{BDEADF00–C265–11D0–BCED–00A0C90AB50F}"="Foldery w sieci Web"
"{00020D75–0000–0000–C000–000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045–0000–0000–C000–000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206–2D85–11D3–8CFF–005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9–0E2A–469d–B787–065558BC7D43}"="Fusion Cache"
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}"="iTunes"
"{52B87208–9CCF–42C9–B88E–069281105805}"="Trojan Remover Shell Extension"
"{f39a0dc0–9cc8–11d0–a599–00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0–9cc8–11d0–a599–00c04fd64434}"="Skrt kanaˆu"
"{f3ba0dc0–9cc8–11d0–a599–00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0–9cc8–11d0–a599–00c04fd64437}"="Channel Menu"
"{f3ea0dc0–9cc8–11d0–a599–00c04fd64438}"="Channel Properties"
"{640167b4–59b0–47a6–b335–a6b3c0695aea}"="Portable Media Devices"
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}"="Portable Media Devices Menu"
"{2559a1f7–21d7–11d4–bdaf–00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062–B4D2–4215–9F74–E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C–F208–4981–8353–73CC61AE2783}"="Previous Versions"
"{692F0339–CBAA–47e6–B5B5–3B84DB604E87}"="Extensions Manager Folder"
"{6AF883DB–B0FE–41FC–A293–CD748A1F5A64}"=""
"{21569614–B795–46b1–85F4–E737A8DC09AD}"="Shell Search Band"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
arcaon~1.dll Fri 2005–12–02 9:56:24 A.... 561 152 548,00 K
browseui.dll Thu 2005–11–24 1:39:20 A.... 1 022 464 998,50 K
cdfview.dll Fri 2005–10–21 4:42:08 A.... 151 552 148,00 K
cmdlin~1.dll Sun 2005–11–20 13:12:26 A.... 98 304 96,00 K
danim.dll Sat 2005–11–05 4:18:02 A.... 1 055 744 1,00 M
ddr64.dll Fri 2005–11–04 19:24:18 A.... 27 0,02 K
divx.dll Wed 2005–12–14 18:21:42 A.... 609 280 595,00 K
dxtrans.dll Fri 2005–10–21 4:42:08 A.... 205 312 200,50 K
esent.dll Thu 2005–10–20 23:30:54 A.... 1 092 608 1,04 M
extmgr.dll Fri 2005–10–21 4:42:08 ..... 55 808 54,50 K
gdi32.dll Thu 2005–10–06 4:18:44 A.... 280 064 273,50 K
iepeers.dll Fri 2005–10–21 4:42:08 A.... 251 392 245,50 K
inseng.dll Fri 2005–10–21 4:42:08 A.... 96 768 94,50 K
iqiesou.dll Fri 2005–12–16 16:19:34 A.... 73 216 71,50 K
kgkfq.dll Fri 2005–12–16 16:19:34 A.... 12 288 12,00 K
mshtml.dll Thu 2005–11–24 1:39:22 A.... 3 013 632 2,87 M
mshtmled.dll Fri 2005–10–21 4:42:10 A.... 448 512 438,00 K
msrating.dll Fri 2005–10–21 4:42:10 A.... 146 432 143,00 K
mstime.dll Fri 2005–10–21 4:42:10 A.... 530 944 518,50 K
pngfilt.dll Fri 2005–10–21 4:42:10 A.... 39 424 38,50 K
shdocvw.dll Thu 2005–12–01 4:34:28 A.... 1 492 480 1,42 M
shell32.dll Fri 2005–09–23 4:07:40 A.... 8 479 232 8,09 M
shlwapi.dll Fri 2005–10–21 4:42:12 A.... 473 600 462,50 K
spmsg.dll Thu 2005–10–13 0:21:28 ..... 16 096 15,72 K
urlmon.dll Sat 2005–11–05 4:18:08 A.... 605 184 591,00 K
wininet.dll Fri 2005–10–21 4:42:12 A.... 660 992 645,50 K
xinput~1.dll Wed 2005–09–28 15:35:48 A.... 61 136 59,70 K
xvid.dll Wed 2005–12–14 18:21:22 A.... 626 688 612,00 K
xvidcore.dll Wed 2005–12–14 18:21:30 A.... 675 840 660,00 K
xvidvfw.dll Wed 2005–12–14 18:21:32 A.... 155 648 152,00 K
30 items found: 30 files, 0 directories.
Total of file sizes: 22 991 819 bytes 21,93 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: C0A3–EB09
Katalog: C:\WINDOWS\System32
2005–12–13 23:04 dllcache
2005–09–28 20:57 401408 t?skmgr.exe
2005–07–19 10:29 Microsoft
1 plik(w) 401408 bajtw
2 katalog(w) 6595641344 bajtw wolnych
Silent Runners
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]
"DAEMON Tools–1033" = ""C:\Program Files\D–Tools\daemon.exe" –lang 1033" ["DAEMON'S HOME"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" –atboottime" ["Apple Computer, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [file not found]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
mgmfsnky\(Default) = "{e28cd9ba–882c–46fb–9e55–55f31fe96f4e}"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kgkfq.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Łukasz\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"
Startup items in "Łukasz" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" –> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Scan my computer – Łukasz" –> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}" = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
HOSTS file
––––––––––
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 34 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton AntiVirus Auto–Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 19 seconds, including 2 seconds for message boxes)
Nie wiem co zrobić, szukałem programu na www.argon–soft.com – kiedyś nie miałem problemów, a teraz od razu mi się załadowało sporo trojanów, poradziłem sobie juź z L2M, ale wciąź mi wyskakuje błąd iexplore i Eksploratora Windows gdy coś przeglądam. Loga z HiJacka nie załączam, bo sprawdzałem automatem i nic nie wykryło. Proszę o pomoc, bo nie mam pojęcia jak naprawić ten powracający błąd.
L2MFIX
L2MFIX find log 121205
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C21058BB–10B3–0E91–FA79–B4361BCFB55C}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613–0000–0000–C000–000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597–26d3–11d1–b350–080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40–9550–11CE–99D2–00AA006E086C}"="Strona zabezpiecze NTFS"
"{3EA48300–8CF6–101B–84FB–666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20–7c17–11ce–a804–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{41E300E0–78B6–11ce–849B–444553540000}"="PlusPack CPL Extension"
"{42071712–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770–369C–11d0–8922–00A024AB2DBB}"="Strona zabezpiecze usˆugi DS"
"{513D916F–2A8E–4F51–AEAB–0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100–C0CD–101B–81E2–00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400–57FF–11CE–BD94–0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990–f85c–11ce–aff7–00aa003ca9f6}"="Rozszerzenia powˆoki dla obiektw Microsoft Windows Network"
"{5DB2625A–54DF–11D0–B6C4–0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E–4C4D–11D0–B6C1–0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1–F219–11ce–972D–00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plikw"
"{77597368–7b15–11d0–a0c2–080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573–EC89–11cf–9C00–00AA00A14F56}"="Disk Quota UI"
"{853FE2B1–B769–11d0–9C4E–00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920–42A0–1069–A2E4–08002B30309D}"="Aktwka"
"{88895560–9AA2–1069–930E–00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380–8CA2–1069–AB1D–08000948F534}"="Fonts"
"{DBCE2480–C732–101B–BE72–BA78E9AD5B27}"="Profil ICC"
"{F37C5810–4D3F–11d0–B4BF–00AA00BBB723}"="Strona zabezpiecze drukarek"
"{f81e9010–6ea4–11ce–a7ff–00aa003ca9f6}"="Rozszerzenia powˆoki dla udostpniania zasobw"
"{f92e8c40–3d33–11d2–b1aa–080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7–3202–11D1–AAD2–00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0–F557–101A–88EC–00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736–43FD–11D1–9EFB–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A–6C50–11D1–9F1D–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa–acd6–11d2–8080–00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603–1008–4f6e–A73A–04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3–b28a–4919–a5aa–73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790–D56E–4445–850E–4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514–6C5E–4d60–8F16–D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5–953B–11CF–8C96–00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skryptw systemu Windows"
"{2206CDB2–19C1–11D1–89E0–00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0–9EEF–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90–9EDD–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990–4C6A–11CF–8D87–00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA–FF21–4412–828E–260A8728E7F1}"="Pasek zada i menu Start"
"{2559a1f0–21d7–11d4–bdaf–00c04f60b9f0}"="Wyszukaj"
"{2559a1f1–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3–21d7–11d4–bdaf–00c04f60b9f0}"="Uruchom..."
"{2559a1f4–21d7–11d4–bdaf–00c04f60b9f0}"="Internet"
"{2559a1f5–21d7–11d4–bdaf–00c04f60b9f0}"="E–mail"
"{D20EA4E1–3957–11d2–A40B–0C5020524152}"="Czcionki"
"{D20EA4E1–3957–11d2–A40B–0C5020524153}"="Narzdzia administracyjne"
"{875CB1A1–0F29–45de–A1AE–CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757–D6E4–4b49–BB41–0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D–D390–480b–92FD–7DDB47101D71}"="Wav Properties Handler"
"{87D62D94–71B3–4b9a–9489–5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45–6E44–43f9–8644–08598F5A74D9}"="Midi Properties Handler"
"{c5a40261–cd64–4ccf–84cb–c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780–7743–11CF–A12B–00AA004AE837}"="Pasek narzdzi programu Microsoft Internet"
"{22BF0C20–6DA7–11D0–B373–00A0C9034938}"="Stan pobierania"
"{91EA3F8B–C99B–11d0–9815–00C04FD91972}"="Folder powˆoki zwikszonej"
"{6413BA2C–B461–11d1–A18A–080036B11A03}"="Folder powˆoki zwikszonej 2"
"{F61FFEC1–754F–11d0–80CA–00AA005B4383}"="BandProxy"
"{7BA4C742–9E81–11CF–99D3–00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401–6A81–11d0–8274–00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183–48a0–441b–a342–7c2a440a9478}"="Pasek multimediw"
"{169A0691–8DF9–11d1–A1C4–00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131–AF23–11d1–9111–00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510–F982–11d0–8595–00AA004CD6D8}"="Narzdzie opcji drzewa rejestru"
"{01E04581–4EEE–11d0–BFE9–00AA005B4383}"="&Adres"
"{A08C11D2–A228–11d0–825B–00AA005B4383}"="Pole edycji adresu"
"{00BB2763–6A77–11D0–A535–00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660–C583–11d0–A3A5–00C04FD706EC}"="Wyodrbnianie obrazw Trident"
"{6756A641–DE71–11d0–831B–00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93–21E8–4ccc–BEB9–9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215–fa25–46bd–a339–34a2790f3cb7}"="Dostpny"
"{acf35015–526e–4230–9596–becbe19f0ac9}"="Pasek podrczny ˜ledzenia"
"{E0E11A09–5CB8–4B6C–8332–E00720A168F2}"="Analizator paska adresu"
"{00BB2764–6A77–11D0–A535–00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1–A186–11D0–824A–00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765–6A77–11D0–A535–00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E–521C–11D0–B792–00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41–5C85–11d0–9796–00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C–521C–11D0–B792–00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D–521C–11D0–B792–00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04–FEFF–11d1–8ECD–0000F87A470C}"="Pomoc dla uytkownika"
"{EF8AD2D1–AE36–11D1–B2D2–006097DF8C11}"="Globalne ustawienia folderw"
"{EFA24E61–B078–11d0–89E4–00C04FC9E26E}"="Favorites Band"
"{0A89A860–D7B1–11CE–8350–444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40–E76A–11CE–A9BB–00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A–8849–11D1–9D8C–00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40–E3F0–101B–8488–00AA003E56F8}"="InternetShortcut"
"{3C374A40–BAE4–11CF–BF7D–00AA006946EE}"="Microsoft Url History Service"
"{FF393560–C2A7–11CF–BFF4–444553540000}"="Historia"
"{7BD29E00–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00–17A6–11D0–99CB–00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40–CC59–11d0–A3A5–00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0–CCEF–11d0–8024–00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951–7F78–11D0–A979–00C04FD705A2}"="ISFBand OC"
"{9461b922–3c5a–11d2–bf8b–00c04fb93661}"="Search Assistant OC"
"{3DC7A020–0ACD–11CF–A9BB–00AA004AE837}"="Internet"
"{871C5380–42A0–1069–A2EA–08002B30309D}"="Internet Name Space"
"{EFA24E64–B078–11d0–89E4–00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{9E56BE61–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{88C6C381–2E85–11D0–94DE–444553540000}"="Folder pamici podrcznej ActiveX"
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"="WebCheck"
"{ABBE31D0–6DAE–11D0–BECA–00C04FD940BE}"="Subscription Mgr"
"{F5175861–2688–11d0–9C5E–00AA00A45957}"="Folder subskrypcji"
"{08165EA0–E946–11CF–9C87–00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6–ABCE–11d0–BC4B–00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0–6B4E–11d0–92DB–00A0C90C2BD7}"="TrayAgent"
"{7D559C10–9FE9–11d0–93F7–00AA0059CE02}"="Code Download Agent"
"{E6CC6978–6B6E–11D0–BECA–00C04FD940BE}"="ConnectionAgent"
"{D8BD2030–6FC9–11D0–864F–00AA006809D9}"="PostAgent"
"{7FC0B86E–5FA7–11d1–BC7C–00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7–8B9A–11D1–B8AE–006008059382}"="Meneder aplikacji powˆoki"
"{0B124F8F–91F0–11D1–B8B5–006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0–A282–11D1–9082–006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c–1d6a–45f6–b725–cb260c236066}"="Shell Image Verbs"
"{66e4e4fb–f385–4dd0–8d74–a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968–480A–4C6C–862D–EFC0897BB84B}"="GDI+program wyodrbniajĄcy miniatury plikw"
"{9DBD2C50–62AD–11d0–B806–00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0–9550–11cf–8C16–00805F1408F3}"="Wyodrbnianie miniatur HTML"
"{eb9b1153–3b57–4e68–959a–a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB–43F6–46c5–9619–51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8–751a–4579–a266–d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c–76a5–4b6c–bf21–45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272–9240–4f51–b6d4–fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD–5403–11d2–8785–2E0420524153}"="Konta uytkownikw"
"{BD472F60–27FA–11cf–B8B4–444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60–FC0A–11CF–8F0F–00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0–2e98–11cf–8d82–444553540000}"="FTP Folders Webview"
"{883373C3–BF89–11D1–BE35–080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE–901A–4739–A481–E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210–FD1F–4B19–91DA–67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC–4362–4A12–850B–86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57–2567–4A2C–B881–F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC–BBB3–4D9B–B177–82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E–31C2–11d0–891C–00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0–6E0F–11d2–9601–00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20–2ABC–11d0–88F0–00A024AB2DBB}"="Directory Object Find"
"{F020E586–5264–11d1–A532–0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530–764B–11d0–A1CA–00AA00C16E65}"="Directory Property UI"
"{62AE1F9A–126A–11D0–A14B–0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33–103D–11d2–854D–006008059367}"="MyDocs Copy Hook"
"{ECF03A32–103D–11d2–854D–006008059367}"="MyDocs Drop Target"
"{4a7ded0a–ad25–11d0–98a8–0800361b1103}"="MyDocs Properties"
"{750fdf0e–2a26–11d1–a3ea–080036587f03}"="Offline Files Menu"
"{10CFC467–4392–11d2–8DB4–00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70–2A4C–11d2–9039–00C04F8EEB3E}"="Folder plikw trybu offline"
"{143A62C8–C33B–11D1–84FE–00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543–45CC–11CE–B9BF–0080C87CDBA6}"="DfsShell"
"{60fd46de–f830–4894–a628–6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8–8005–11D2–BCF8–00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0–9F37–11CE–AE65–08002B2E1262}"=".CAB file viewer"
"{32714800–2E5F–11d0–8B85–00AA0044F941}"="&Do osb..."
"{8DD448E6–C188–4aed–AF92–44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1–02AE–4a5f–A6E9–D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F–E9DC–4e68–9D7E–42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}"="WinRAR shell extension"
"{32020A01–506E–484D–A2A8–BE3CF17601C3}"="AlcoholShellEx"
"{BDEADF00–C265–11D0–BCED–00A0C90AB50F}"="Foldery w sieci Web"
"{00020D75–0000–0000–C000–000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045–0000–0000–C000–000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206–2D85–11D3–8CFF–005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9–0E2A–469d–B787–065558BC7D43}"="Fusion Cache"
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}"="iTunes"
"{52B87208–9CCF–42C9–B88E–069281105805}"="Trojan Remover Shell Extension"
"{f39a0dc0–9cc8–11d0–a599–00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0–9cc8–11d0–a599–00c04fd64434}"="Skrt kanaˆu"
"{f3ba0dc0–9cc8–11d0–a599–00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0–9cc8–11d0–a599–00c04fd64437}"="Channel Menu"
"{f3ea0dc0–9cc8–11d0–a599–00c04fd64438}"="Channel Properties"
"{640167b4–59b0–47a6–b335–a6b3c0695aea}"="Portable Media Devices"
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}"="Portable Media Devices Menu"
"{2559a1f7–21d7–11d4–bdaf–00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062–B4D2–4215–9F74–E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C–F208–4981–8353–73CC61AE2783}"="Previous Versions"
"{692F0339–CBAA–47e6–B5B5–3B84DB604E87}"="Extensions Manager Folder"
"{6AF883DB–B0FE–41FC–A293–CD748A1F5A64}"=""
"{21569614–B795–46b1–85F4–E737A8DC09AD}"="Shell Search Band"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
arcaon~1.dll Fri 2005–12–02 9:56:24 A.... 561 152 548,00 K
browseui.dll Thu 2005–11–24 1:39:20 A.... 1 022 464 998,50 K
cdfview.dll Fri 2005–10–21 4:42:08 A.... 151 552 148,00 K
cmdlin~1.dll Sun 2005–11–20 13:12:26 A.... 98 304 96,00 K
danim.dll Sat 2005–11–05 4:18:02 A.... 1 055 744 1,00 M
ddr64.dll Fri 2005–11–04 19:24:18 A.... 27 0,02 K
divx.dll Wed 2005–12–14 18:21:42 A.... 609 280 595,00 K
dxtrans.dll Fri 2005–10–21 4:42:08 A.... 205 312 200,50 K
esent.dll Thu 2005–10–20 23:30:54 A.... 1 092 608 1,04 M
extmgr.dll Fri 2005–10–21 4:42:08 ..... 55 808 54,50 K
gdi32.dll Thu 2005–10–06 4:18:44 A.... 280 064 273,50 K
iepeers.dll Fri 2005–10–21 4:42:08 A.... 251 392 245,50 K
inseng.dll Fri 2005–10–21 4:42:08 A.... 96 768 94,50 K
iqiesou.dll Fri 2005–12–16 16:19:34 A.... 73 216 71,50 K
kgkfq.dll Fri 2005–12–16 16:19:34 A.... 12 288 12,00 K
mshtml.dll Thu 2005–11–24 1:39:22 A.... 3 013 632 2,87 M
mshtmled.dll Fri 2005–10–21 4:42:10 A.... 448 512 438,00 K
msrating.dll Fri 2005–10–21 4:42:10 A.... 146 432 143,00 K
mstime.dll Fri 2005–10–21 4:42:10 A.... 530 944 518,50 K
pngfilt.dll Fri 2005–10–21 4:42:10 A.... 39 424 38,50 K
shdocvw.dll Thu 2005–12–01 4:34:28 A.... 1 492 480 1,42 M
shell32.dll Fri 2005–09–23 4:07:40 A.... 8 479 232 8,09 M
shlwapi.dll Fri 2005–10–21 4:42:12 A.... 473 600 462,50 K
spmsg.dll Thu 2005–10–13 0:21:28 ..... 16 096 15,72 K
urlmon.dll Sat 2005–11–05 4:18:08 A.... 605 184 591,00 K
wininet.dll Fri 2005–10–21 4:42:12 A.... 660 992 645,50 K
xinput~1.dll Wed 2005–09–28 15:35:48 A.... 61 136 59,70 K
xvid.dll Wed 2005–12–14 18:21:22 A.... 626 688 612,00 K
xvidcore.dll Wed 2005–12–14 18:21:30 A.... 675 840 660,00 K
xvidvfw.dll Wed 2005–12–14 18:21:32 A.... 155 648 152,00 K
30 items found: 30 files, 0 directories.
Total of file sizes: 22 991 819 bytes 21,93 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: C0A3–EB09
Katalog: C:\WINDOWS\System32
2005–12–13 23:04 dllcache
2005–09–28 20:57 401408 t?skmgr.exe
2005–07–19 10:29 Microsoft
1 plik(w) 401408 bajtw
2 katalog(w) 6595641344 bajtw wolnych
Silent Runners
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]
"DAEMON Tools–1033" = ""C:\Program Files\D–Tools\daemon.exe" –lang 1033" ["DAEMON'S HOME"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" –atboottime" ["Apple Computer, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [file not found]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
mgmfsnky\(Default) = "{e28cd9ba–882c–46fb–9e55–55f31fe96f4e}"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kgkfq.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Łukasz\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"
Startup items in "Łukasz" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" –> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Scan my computer – Łukasz" –> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}" = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
HOSTS file
––––––––––
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 34 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton AntiVirus Auto–Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 19 seconds, including 2 seconds for message boxes)
Nie wiem co zrobić, szukałem programu na www.argon–soft.com – kiedyś nie miałem problemów, a teraz od razu mi się załadowało sporo trojanów, poradziłem sobie juź z L2M, ale wciąź mi wyskakuje błąd iexplore i Eksploratora Windows gdy coś przeglądam. Loga z HiJacka nie załączam, bo sprawdzałem automatem i nic nie wykryło. Proszę o pomoc, bo nie mam pojęcia jak naprawić ten powracający błąd.
Odpowiedzi: 4
Wielkie Dzięki, zrobiłem to:) zawsze mam włączone by były widoczne ukryte pliki, ale on i yak się ukrywał, dziek itym komendom się odnalazł:) Kiedyś nawet nie mogłem odtworzytć menadźera zadań, bo wyskakiwało, źe administrator (czyli ja) zablokował tam dostęp. Na szczęście znalazłem odpowiedni wpis w rejestrze. Jakby co to mogę z Tym pomóc :D
I raczej go nie zobaczysz bo jest ukryty, a siedzi w system32 (opcje folderów i załaczyć pokazywanie ukrytych i systemowych)
W razie czego zrób dwie komendy w wierszu poleceń:
cd C:\Windows\system32
attrib –r –s –h t?skmgr.exe
Idz do system32 znajdz ten plik (będą dwa identyczne) sprawdz własciwosci i usun tego, ktory nie jest podpisany przez M$.
W razie czego zrób dwie komendy w wierszu poleceń:
cd C:\Windows\system32
attrib –r –s –h t?skmgr.exe
Idz do system32 znajdz ten plik (będą dwa identyczne) sprawdz własciwosci i usun tego, ktory nie jest podpisany przez M$.
Dzięki tak zrobiłem, mam nadzieję, źe to pomoźe. Jeśli chodzi o tego pytajnikowca, to go nie znalazłem w sytemie, znalazłem za to dwa taskmgr jeden w System32 a drugi w C:\WINDOWS\ServicePackFiles\i386 Nie będę ich usuwał. Gdzie moźe być ten t?skmgr.exe ?
Więc po kolei,
– bląd explorera najprawdopodobniej powoduje:
Usuwasz więc klucz HKLM\Software\Classes\*\shellex\ContextMenuHandlers\mgmfsnky oraz bibliotekę kgkfq.dll
– ze szczątków Look2me zostało:
Usun więc te dwie wartosci i poszukaj numerków w klamrach w rejestrze.
– wśród tych plików poniźej "Files Found..." jest kilka które trzeba by usunąć mp. ddr64.dll i t?skmgr.exe
Posprawdzaj resztę.
Uwazaj na tego pytajnikowca bo wyglada identycznie jak menadzer zadań, równią się włąściwościami.
– bląd explorera najprawdopodobniej powoduje:
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
mgmfsnky\(Default) = "{e28cd9ba–882c–46fb–9e55–55f31fe96f4e}"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kgkfq.dll" [null data]
Usuwasz więc klucz HKLM\Software\Classes\*\shellex\ContextMenuHandlers\mgmfsnky oraz bibliotekę kgkfq.dll
– ze szczątków Look2me zostało:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C21058BB–10B3–0E91–FA79–B4361BCFB55C}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6AF883DB–B0FE–41FC–A293–CD748A1F5A64}"=""
Usun więc te dwie wartosci i poszukaj numerków w klamrach w rejestrze.
– wśród tych plików poniźej "Files Found..." jest kilka które trzeba by usunąć mp. ddr64.dll i t?skmgr.exe
Posprawdzaj resztę.
Uwazaj na tego pytajnikowca bo wyglada identycznie jak menadzer zadań, równią się włąściwościami.
Strona 1 / 1