Look2Me – I can't cope with it.

Please help me get rid of this piece of filth. Norton detects the Look2Me adware on my machine. I delete it every time, but one always remains. While I'm working on the internet, unwanted pages pop up. I have tried various ways of throwing it out, and nothing: with Spyware Doctor, Ad-Aware SE Personal, and with the instructions (for removing Look2Me-spyware and Look2Me-adware) from the Symantec Norton site (via safe mode, the registry, etc.). FxSpMe, a program from Norton's site, confirms the Look2Me spyware. Maybe I made some mistakes while trying to remove it, but I cannot deal with it in any way. Please help. Thanks in advance. And here is my log:

Scan saved at 23:11:32, on 2005–11–21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\NORTON~1\NORTON~3\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mariusz\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1045
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Anti–Blaxx Manager] C:\Program Files\Anti–Blaxx 1.18\Anti–Blaxx.exe
O4 – HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD–5CC4–4ceb–AAAF–CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Pobierz z &BitSpirit – C:\Program Files\BitSpirit\bsurl.htm
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 – DPF: {01012101–5E80–11D8–9E86–0007E96C65AE} (SupportSoft Script Runner Class) – http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 – DPF: {1F2F4C9E–6F09–47BC–970D–3C54734667FE} (LSSupCtl Class) – http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 – DPF: {CE28D5D2–60CF–4C7D–9FE8–0F47A3308078} (ActiveDataInfo Class) – http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: Reliability – C:\WINDOWS\system32\p28q0cl5efq.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: PC Tools Spyware Doctor (SDhelper) – PC Tools – C:\Program Files\Spyware Doctor\sdhelp.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe

Replies: 10

Thanks. After installing the Recovery Console I managed to delete 2 of the 7 files. When I try to delete the others it shows "odmowa dostępu". Further, when I try to change a file's attributes (I typed: ATTRIB -S-H hbetmon.dll) it says that it cannot find the file. Should I use a different command, and if so which one, or should I go by trial and error? Or did I make some mistake? Please give me further guidance.
marus
Posted
25.11.2005 00:12:16
marus:
I used the command:
cmd(enter)
E:(enter)
i386/winnt32/cmdcons(enter)
and what popped up is what is in the post above.
I also tried typing the whole path at once:
E:\i386\winnt32.exe/cmdcons
and nothing either (some error, etc.)
Both are from instructions on the internet.


I understand that E: is your drive with the Windows installation CD inserted.
You can type the command in one go in Start -> Run. The mistake in entering the commands is the missing space between winnt32.exe and /cmdcons. So the correct form is:
E:\i386\winnt32.exe /cmdcons
Żółty
Posted
24.11.2005 00:18:58
I used the command:
cmd(enter)
E:(enter)
i386/winnt32/cmdcons(enter)
and what popped up is what is in the post above.
I also tried typing the whole path at once:
E:\i386\winnt32.exe/cmdcons
and nothing either (some error, etc.)
Both are from instructions on the internet.
marus
Posted
24.11.2005 00:12:06
And what command are you using for this?? Because it looks like you are making a mistake in it: i386 is the name of a directory on the installation CD, not an executable file.
Żółty
Posted
23.11.2005 23:20:11
I have another problem. Can anyone advise me what to do about it? When I try to install the Recovery Console I see this:
"nazwa i386 nie jest rozpoznawalna jako polecenie wewnętrznelub wewnętrzne, program wykonywalny czy plik wsadowy."
marus
Posted
23.11.2005 23:14:26
Thanks, I know now.
marus
Posted
23.11.2005 22:32:30
Thank you very much. I have one more small question. How do I make the fix?
marus
Posted
23.11.2005 22:16:46
Paste the following text into Notepad and save it with the .reg extension, e.g. as fix.reg

Windows Registry Editor Version 5.00

; delete the two Winlogon Notify subkeys
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]

; delete single values ("name"=- removes the value)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D37B5833-146D-25D9-682E-5F7AEB117F26}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{F80AAD6B-BA79-442E-80AC-C94CEEBC727A}"=-
"{006598A4-919A-4BB5-B45C-B6D950FB7E21}"=-

; delete the two CLSID registrations
[-HKEY_CLASSES_ROOT\CLSID\{F80AAD6B-BA79-442E-80AC-C94CEEBC727A}]

[-HKEY_CLASSES_ROOT\CLSID\{006598A4-919A-4BB5-B45C-B6D950FB7E21}]


These files get removed from the disk:
msupdate32.dll
wifbvm50.dll
hbetmon.dll
jt0207doe.dll
f6j20g1oe6.dll
gau32.dll
enpsl1771.dll

It would be best if you deleted them in the Recovery Console with the del command; beforehand you may need to run attrib with the parameters (-s -h).
You have all of this in the help under attrib /?
Afterwards you boot the system in safe mode and add the previously made fix to the registry.
Bobi
Posted
23.11.2005 00:31:04
Thank you for the tips. I would like to get started on the removal, but I am a layman and I don't know whether I will mess something up. I would ask you to check this report and tell me exactly what I have to throw out. Thank you and regards.


These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"Startup"="WinlogonStartupEvent"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\f6j20g1oe6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–CI) DENY ––C––––––– BUILTIN\Administratorzy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy
(ID–IO) ALLOW Read BUILTIN\Uytkownicy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–IO) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–NI) ALLOW Full access BUILTIN\Administratorzy
(ID–IO) ALLOW Full access BUILTIN\Administratorzy
(ID–NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access TWRCA–WACICIEL


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D37B5833–146D–25D9–682E–5F7AEB117F26}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613–0000–0000–C000–000000000046}"="Karta waciwoci pliku multimedialnego"
"{176d6597–26d3–11d1–b350–080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40–9550–11CE–99D2–00AA006E086C}"="Strona zabezpiecze NTFS"
"{3EA48300–8CF6–101B–84FB–666CCB9BCD32}"="Strona waciwoci OLE Docfile"
"{40dd6e20–7c17–11ce–a804–00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasobw"
"{41E300E0–78B6–11ce–849B–444553540000}"="PlusPack CPL Extension"
"{42071712–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"
"{42071714–76d4–11d1–8b24–00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"
"{4E40F770–369C–11d0–8922–00A024AB2DBB}"="Strona zabezpiecze usugi DS"
"{513D916F–2A8E–4F51–AEAB–0CBC76FB1AF8}"="Strona zgodnoci"
"{56117100–C0CD–101B–81E2–00AA004AE837}"="Program obsugi danych wycinkowych powoki"
"{59099400–57FF–11CE–BD94–0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990–f85c–11ce–aff7–00aa003ca9f6}"="Rozszerzenia powoki dla obiektw Microsoft Windows Network"
"{5DB2625A–54DF–11D0–B6C4–0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E–4C4D–11D0–B6C1–0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1–F219–11ce–972D–00AA00A14F56}"="Rozszerzenia powoki dla kompresji plikw"
"{77597368–7b15–11d0–a0c2–080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"
"{7988B573–EC89–11cf–9C00–00AA00A14F56}"="Disk Quota UI"
"{853FE2B1–B769–11d0–9C4E–00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920–42A0–1069–A2E4–08002B30309D}"="Aktwka"
"{88895560–9AA2–1069–930E–00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380–8CA2–1069–AB1D–08000948F534}"="Fonts"
"{DBCE2480–C732–101B–BE72–BA78E9AD5B27}"="Profil ICC"
"{F37C5810–4D3F–11d0–B4BF–00AA00BBB723}"="Strona zabezpiecze drukarek"
"{f81e9010–6ea4–11ce–a7ff–00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasobw"
"{f92e8c40–3d33–11d2–b1aa–080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719–39BF–11D1–8CD9–00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7–3202–11D1–AAD2–00805FC1270E}"="PoĄczenia sieciowe"
"{992CFFA0–F557–101A–88EC–00DD010CCC48}"="PoĄczenia sieciowe"
"{E211B736–43FD–11D1–9EFB–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A–6C50–11D1–9F1D–0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa–acd6–11d2–8080–00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603–1008–4f6e–A73A–04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3–b28a–4919–a5aa–73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790–D56E–4445–850E–4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514–6C5E–4d60–8F16–D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5–953B–11CF–8C96–00AA00B8708C}"="Rozszerzenia powoki dla hosta skryptw systemu Windows"
"{2206CDB2–19C1–11D1–89E0–00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0–9EEF–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90–9EDD–11cf–8D8E–00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990–4C6A–11CF–8D87–00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA–FF21–4412–828E–260A8728E7F1}"="Pasek zada i menu Start"
"{2559a1f0–21d7–11d4–bdaf–00c04f60b9f0}"="Wyszukaj"
"{2559a1f1–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsuga techniczna"
"{2559a1f2–21d7–11d4–bdaf–00c04f60b9f0}"="Pomoc i obsuga techniczna"
"{2559a1f3–21d7–11d4–bdaf–00c04f60b9f0}"="Uruchom..."
"{2559a1f4–21d7–11d4–bdaf–00c04f60b9f0}"="Internet"
"{2559a1f5–21d7–11d4–bdaf–00c04f60b9f0}"="E–mail"
"{D20EA4E1–3957–11d2–A40B–0C5020524152}"="Czcionki"
"{D20EA4E1–3957–11d2–A40B–0C5020524153}"="Narz©dzia administracyjne"
"{875CB1A1–0F29–45de–A1AE–CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757–D6E4–4b49–BB41–0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D–D390–480b–92FD–7DDB47101D71}"="Wav Properties Handler"
"{87D62D94–71B3–4b9a–9489–5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45–6E44–43f9–8644–08598F5A74D9}"="Midi Properties Handler"
"{c5a40261–cd64–4ccf–84cb–c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780–7743–11CF–A12B–00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20–6DA7–11D0–B373–00A0C9034938}"="Stan pobierania"
"{91EA3F8B–C99B–11d0–9815–00C04FD91972}"="Folder powoki zwi©kszonej"
"{6413BA2C–B461–11d1–A18A–080036B11A03}"="Folder powoki zwi©kszonej 2"
"{F61FFEC1–754F–11d0–80CA–00AA005B4383}"="BandProxy"
"{7BA4C742–9E81–11CF–99D3–00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401–6A81–11d0–8274–00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183–48a0–441b–a342–7c2a440a9478}"="Pasek multimediw"
"{169A0691–8DF9–11d1–A1C4–00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131–AF23–11d1–9111–00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510–F982–11d0–8595–00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581–4EEE–11d0–BFE9–00AA005B4383}"="&Adres"
"{A08C11D2–A228–11d0–825B–00AA005B4383}"="Pole edycji adresu"
"{00BB2763–6A77–11D0–A535–00C04FD7D062}"="Autouzupenianie Microsoft"
"{7376D660–C583–11d0–A3A5–00C04FD706EC}"="Wyodr©bnianie obrazw Trident"
"{6756A641–DE71–11d0–831B–00AA005B4383}"="Lista autouzupeniania MRU"
"{6935DB93–21E8–4ccc–BEB9–9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"
"{7e653215–fa25–46bd–a339–34a2790f3cb7}"="Dost©pny"
"{acf35015–526e–4230–9596–becbe19f0ac9}"="Pasek podr©czny ledzenia"
"{E0E11A09–5CB8–4B6C–8332–E00720A168F2}"="Analizator paska adresu"
"{00BB2764–6A77–11D0–A535–00C04FD7D062}"="Lista autouzupeniania historii Microsoft"
"{03C036F1–A186–11D0–824A–00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"
"{00BB2765–6A77–11D0–A535–00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"
"{ECD4FC4E–521C–11D0–B792–00A0C90312E1}"="Menu witryny paska powoki"
"{3CCF8A41–5C85–11d0–9796–00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C–521C–11D0–B792–00A0C90312E1}"="Pasek pulpitu powoki"
"{ECD4FC4D–521C–11D0–B792–00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04–FEFF–11d1–8ECD–0000F87A470C}"="Pomoc dla uytkownika"
"{EF8AD2D1–AE36–11D1–B2D2–006097DF8C11}"="Globalne ustawienia folderw"
"{EFA24E61–B078–11d0–89E4–00C04FC9E26E}"="Favorites Band"
"{0A89A860–D7B1–11CE–8350–444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40–E76A–11CE–A9BB–00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A–8849–11D1–9D8C–00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40–E3F0–101B–8488–00AA003E56F8}"="InternetShortcut"
"{3C374A40–BAE4–11CF–BF7D–00AA006946EE}"="Microsoft Url History Service"
"{FF393560–C2A7–11CF–BFF4–444553540000}"="Historia"
"{7BD29E00–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01–76C1–11CF–9DD0–00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00–17A6–11D0–99CB–00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40–CC59–11d0–A3A5–00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0–CCEF–11d0–8024–00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951–7F78–11D0–A979–00C04FD705A2}"="ISFBand OC"
"{9461b922–3c5a–11d2–bf8b–00c04fb93661}"="Search Assistant OC"
"{3DC7A020–0ACD–11CF–A9BB–00AA004AE837}"="Internet"
"{871C5380–42A0–1069–A2EA–08002B30309D}"="Internet Name Space"
"{EFA24E64–B078–11d0–89E4–00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{9E56BE61–C50F–11CF–9A2C–00A0C90A90CE}"="Sendmail service"
"{88C6C381–2E85–11D0–94DE–444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"="WebCheck"
"{ABBE31D0–6DAE–11D0–BECA–00C04FD940BE}"="Subscription Mgr"
"{F5175861–2688–11d0–9C5E–00AA00A45957}"="Folder subskrypcji"
"{08165EA0–E946–11CF–9C87–00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6–ABCE–11d0–BC4B–00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0–6B4E–11d0–92DB–00A0C90C2BD7}"="TrayAgent"
"{7D559C10–9FE9–11d0–93F7–00AA0059CE02}"="Code Download Agent"
"{E6CC6978–6B6E–11D0–BECA–00C04FD940BE}"="ConnectionAgent"
"{D8BD2030–6FC9–11D0–864F–00AA006809D9}"="PostAgent"
"{7FC0B86E–5FA7–11d1–BC7C–00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7–8B9A–11D1–B8AE–006008059382}"="Meneder aplikacji powoki"
"{0B124F8F–91F0–11D1–B8B5–006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0–A282–11D1–9082–006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c–1d6a–45f6–b725–cb260c236066}"="Shell Image Verbs"
"{66e4e4fb–f385–4dd0–8d74–a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968–480A–4C6C–862D–EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plikw"
"{9DBD2C50–62AD–11d0–B806–00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"
"{EAB841A0–9550–11cf–8C16–00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153–3b57–4e68–959a–a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB–43F6–46c5–9619–51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8–751a–4579–a266–d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c–76a5–4b6c–bf21–45de9cd503a1}"="Obiekt powoki kreatora publikacji"
"{58f1f272–9240–4f51–b6d4–fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"
"{7A9D77BD–5403–11d2–8785–2E0420524153}"="Konta uytkownikw"
"{BD472F60–27FA–11cf–B8B4–444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60–FC0A–11CF–8F0F–00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0–9cc8–11d0–a599–00c04fd64433}"="Plik kanau"
"{f3aa0dc0–9cc8–11d0–a599–00c04fd64434}"="Skrt kanau"
"{f3ba0dc0–9cc8–11d0–a599–00c04fd64435}"="Obiekt obsugi kanau"
"{f3da0dc0–9cc8–11d0–a599–00c04fd64437}"="Channel Menu"
"{f3ea0dc0–9cc8–11d0–a599–00c04fd64438}"="Channel Properties"
"{63da6ec0–2e98–11cf–8d82–444553540000}"="FTP Folders Webview"
"{883373C3–BF89–11D1–BE35–080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE–901A–4739–A481–E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210–FD1F–4B19–91DA–67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC–4362–4A12–850B–86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57–2567–4A2C–B881–F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC–BBB3–4D9B–B177–82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E–31C2–11d0–891C–00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0–6E0F–11d2–9601–00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20–2ABC–11d0–88F0–00A024AB2DBB}"="Directory Object Find"
"{F020E586–5264–11d1–A532–0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530–764B–11d0–A1CA–00AA00C16E65}"="Directory Property UI"
"{62AE1F9A–126A–11D0–A14B–0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33–103D–11d2–854D–006008059367}"="MyDocs Copy Hook"
"{ECF03A32–103D–11d2–854D–006008059367}"="MyDocs Drop Target"
"{4a7ded0a–ad25–11d0–98a8–0800361b1103}"="MyDocs Properties"
"{750fdf0e–2a26–11d1–a3ea–080036587f03}"="Offline Files Menu"
"{10CFC467–4392–11d2–8DB4–00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70–2A4C–11d2–9039–00C04F8EEB3E}"="Folder plikw trybu offline"
"{143A62C8–C33B–11D1–84FE–00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543–45CC–11CE–B9BF–0080C87CDBA6}"="DfsShell"
"{60fd46de–f830–4894–a628–6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8–8005–11D2–BCF8–00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0–9F37–11CE–AE65–08002B2E1262}"=".CAB file viewer"
"{32714800–2E5F–11d0–8B85–00AA0044F941}"="&Do osb..."
"{8DD448E6–C188–4aed–AF92–44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1–02AE–4a5f–A6E9–D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F–E9DC–4e68–9D7E–42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A–BF00–412C–90B7–034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}"="Play on my TV helper"
"{1CDB2949–8F65–4355–8456–263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}"="WinRAR shell extension"
"{F80AAD6B–BA79–442E–80AC–C94CEEBC727A}"=""
"{006598A4–919A–4BB5–B45C–B6D950FB7E21}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F80AAD6B–BA79–442E–80AC–C94CEEBC727A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80AAD6B–BA79–442E–80AC–C94CEEBC727A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80AAD6B–BA79–442E–80AC–C94CEEBC727A}\Implemented Categories\{00021492–0000–0000–C000–000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80AAD6B–BA79–442E–80AC–C94CEEBC727A}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{006598A4–919A–4BB5–B45C–B6D950FB7E21}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006598A4–919A–4BB5–B45C–B6D950FB7E21}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006598A4–919A–4BB5–B45C–B6D950FB7E21}\Implemented Categories\{00021492–0000–0000–C000–000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006598A4–919A–4BB5–B45C–B6D950FB7E21}\InprocServer32]
@="C:\\WINDOWS\\system32\\hbetmon.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
chip.dll Mon 2005–11–14 18:42:32 A.... 34 308 33,50 K
cmdlin~1.dll Sun 2005–11–20 18:47:10 A.... 98 304 96,00 K
cmdlin~2.dll Sun 2005–11–20 16:48:56 A.... 43 520 42,50 K
enpsl1~1.dll Tue 2005–11–22 0:15:34 ..S.R 235 516 229,99 K
f6j20g~1.dll Tue 2005–11–22 20:23:42 ..S.R 235 516 229,99 K
gau32.dll Tue 2005–11–22 19:03:42 ..S.R 235 516 229,99 K
hbetmon.dll Tue 2005–11–22 20:26:54 ..S.R 235 516 229,99 K
jt0207~1.dll Tue 2005–11–22 20:25:06 ..S.R 236 743 231,19 K
msssc.dll Sun 2005–11–13 12:38:34 A.... 44 0,04 K
msupda~1.dll Tue 2005–11–22 20:37:22 A.... 33 280 32,50 K
nv4_disp.dll Mon 2005–10–10 21:49:00 A.... 3 921 024 3,74 M
nvapi.dll Mon 2005–10–10 21:49:00 A.... 45 056 44,00 K
nvcod.dll Mon 2005–10–10 21:49:00 A.... 34 304 33,50 K
nvcodins.dll Mon 2005–10–10 21:49:00 A.... 34 304 33,50 K
nvcpl.dll Mon 2005–10–10 21:49:00 A.... 7 286 784 6,95 M
nvhwvid.dll Mon 2005–10–10 21:49:00 A.... 573 440 560,00 K
nview.dll Mon 2005–10–10 21:49:00 A.... 1 466 368 1,40 M
nvmccs.dll Mon 2005–10–10 21:49:00 A.... 229 376 224,00 K
nvmccsrs.dll Mon 2005–10–10 21:49:00 A.... 45 056 44,00 K
nvmctray.dll Mon 2005–10–10 21:49:00 A.... 86 016 84,00 K
nvnt4cpl.dll Mon 2005–10–10 21:49:00 A.... 286 720 280,00 K
nvoglnt.dll Mon 2005–10–10 21:49:00 A.... 5 378 048 5,13 M
nvshell.dll Mon 2005–10–10 21:49:00 A.... 466 944 456,00 K
nvwddi.dll Mon 2005–10–10 21:49:00 A.... 81 920 80,00 K
nvwdmcpl.dll Mon 2005–10–10 21:49:00 A.... 1 662 976 1,59 M
nvwimg.dll Mon 2005–10–10 21:49:00 A.... 1 019 904 996,00 K
rmoc3260.dll Sat 2005–09–10 6:17:44 A.... 176 167 172,04 K
wifbvm50.dll Sun 2005–11–20 21:27:24 A.... 45 056 44,00 K

28 items found: 28 files (5 H/S), 0 directories.
Total of file sizes: 24 227 726 bytes 23,10 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue 2005–11–22 20:27:04 A.... 235 874 230,34 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 874 bytes 230,34 K
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 34FA–D056

Katalog: C:\WINDOWS\System32

2005–11–22 20:26 235516 hbetmon.dll
2005–11–22 20:25 236743 jt0207doe.dll
2005–11–22 20:23 235516 f6j20g1oe6.dll
2005–11–22 19:03 235516 gau32.dll
2005–11–22 00:15 235516 enpsl1771.dll
2005–11–19 14:14 dllcache
2005–11–13 13:19 Microsoft
1999–09–30 19:21 166672 mstext35.dll
1999–09–28 21:42 1050896 msjet35.dll
1999–09–09 22:06 252688 msexcl35.dll
1999–09–09 22:06 168720 msltus35.dll
1999–08–25 14:57 415504 msrepl35.dll
1999–06–10 09:34 123664 msjint35.dll
1999–06–10 09:34 24848 msjter35.dll
1999–06–07 18:59 250128 mspdox35.dll
1999–04–25 17:00 287504 Msxbse35.dll
1999–04–25 17:00 368912 Vbar332.dll
1999–04–25 17:00 252176 Msrd2x35.dll
16 plik(w) 4540519 bajtw
2 katalog(w) 30333751296 bajtw wolnych
marus
Posted
22.11.2005 22:07:48
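
The Winlogon\Notify export in the report above can be checked mechanically. As an added example (not part of the thread or of any tool mentioned in it), this Python code parses a .reg export, decodes the hex(2) DllName values and lists the subkeys that deviate from a baseline. The names parse_notify, audit and BASELINE are hypothetical; the baseline is an assumption, taken as the Notify subkeys in this report that the posted fix.reg leaves in place, and the sample input is a constructed excerpt of the same export.

```python
import re

# Constructed sample: four subkeys copied from the Winlogon\Notify export in
# the report (two the fix leaves alone, two it deletes), with ASCII hyphens.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"Startup"="WinlogonStartupEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"DllName"="C:\\WINDOWS\\system32\\f6j20g1oe6.dll"
"Logon"="WinLogon"
'''

# Assumption: baseline = the Notify subkeys in this report that the helper's
# fix.reg leaves in place, mapped to the DLL each one names in the report.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll", "wzcnotif": "wzcdlg.dll",
}

MARKER = r"\winlogon\notify" + "\\"   # key path prefix, compared lower-case


def decode_value(raw):
    """Decode a .reg value: quoted string, or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw


def parse_notify(export_text):
    """Return {subkey name: DllName} for each direct Winlogon\\Notify subkey."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)   # join hex continuation lines
    packages, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            current = key[pos + len(MARKER):] if pos != -1 else None
            if current and "\\" not in current:
                packages.setdefault(current, None)
            else:
                current = None
        elif current and "=" in line:
            name, _, raw = line.partition("=")
            # the export spells the value both DllName and DLLName
            if name.strip().strip('"').lower() == "dllname":
                packages[current] = decode_value(raw)
    return packages


def basename(path):
    """File name of a Windows path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def audit(packages, baseline=BASELINE):
    """List (subkey, dll, reason) for entries that deviate from the baseline."""
    findings = []
    for name, dll in sorted(packages.items()):
        expected = baseline.get(name.lower())
        if expected is None:
            findings.append((name, dll, "subkey not in baseline"))
        elif dll is None or basename(dll) != expected:
            findings.append((name, dll, "baseline subkey loads a different DLL"))
    return findings


if __name__ == "__main__":
    for name, dll, reason in audit(parse_notify(SAMPLE_EXPORT)):
        print(f"{name}: {dll} ({reason})")
```

On the sample it reports the same two subkeys that the posted fix.reg deletes, msupdate and Shell Extensions.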
Żółty
Posted
22.11.2005 00:55:49
marus
Posted:
22.11.2005 00:43:29