Please check my log


(Wieliczka Marcin) #1

I have a problem with ads and pop-up windows appearing all the time, even when I'm not using the computer, and it is very annoying, so I'm asking you to check my log. Thanks in advance =]

====================================

Note: When you paste a log, wrap it in the CODE or QUOTE tag.

I suggest reading THIS topic to see what is asked of users who paste logs.

Regards, kuz5


(Kacz2n) #2

Fix it in Hijack and delete the file.

For removing Look2Me on WinXP, see

HERE and paste the log from the l2mfix tool, option 1.


(Gutek) #3

A new mutation, so please post logs from:

Silent - Silent description: http://www.searchengines.pl/phpbb203/in ... opic=15989

and:

Find-Qoologic: unpack it and run Find-Qoologic.bat; a screen like this will appear:

qoologic.png

Type 1 on the keyboard and confirm with ENTER. Once you have the log, paste it.


(Wieliczka Marcin) #4

Thanks a lot!!!


(Gutek) #5

What did I ask for????? Where are the logs :slight_smile:


(Wieliczka Marcin) #6

I didn't catch that =D

So the first log, saved in the file "report.txt" (if that's what you meant :P), is:

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\azaol5h31.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"


**********************************************************************************

useragent:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{AE1CB608-D664-B73A-9F53-23EA27738073}"=""


**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powoki dla hosta skrypt˘w systemu Windows"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona waciwoci Poprzednie wersje"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Eksplorator pulpit˘w"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}"=""

"{7804DAFB-9096-4018-A0EA-C34B229A1548}"=""


**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}]

@=""


[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\Implemented Categories]

@=""


[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""


[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\InprocServer32]

@="C:\\WINDOWS\\system32\\nisdexts.dll"

"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}]

@=""


[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\Implemented Categories]

@=""


[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""


[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\InprocServer32]

@="C:\\WINDOWS\\system32\\WWV9VCM.dll"

"ThreadingModel"="Apartment"


**********************************************************************************

Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\

   arcaon~1.dll Fri 2005-12-16 9:43:02 A.... 630 784 616,00 K

   azaol5~1.dll Sat 2006-01-21 13:51:40 ..S.R 235 560 230,04 K

   bassmod.dll Mon 2005-12-26 21:25:26 A.... 34 308 33,50 K

   browseui.dll Thu 2005-11-24 1:39:20 A.... 1 022 464 998,50 K

   cpuinf32.dll Thu 2006-01-12 14:06:06 A.... 9 216 9,00 K

   danim.dll Sat 2005-11-05 4:18:02 A.... 1 055 744 1,00 M

   divx.dll Thu 2006-01-12 14:04:52 A.... 609 280 595,00 K

   dlband.dll Tue 2006-01-03 14:51:50 ..S.R 235 944 230,41 K

   dqwsock.dll Tue 2006-01-10 11:44:14 ..S.R 236 108 230,57 K

   en00l1~1.dll Sat 2006-01-21 19:31:46 ..S.R 236 561 231,02 K

   en68l1~1.dll Fri 2006-01-13 21:25:10 ..S.R 234 178 228,69 K

   enjml1~1.dll Sat 2006-01-07 17:29:36 ..S.R 233 803 228,32 K

   fvcfg.dll Tue 2006-01-17 13:10:08 ..S.R 237 322 231,76 K

   g4jo0e~1.dll Thu 2006-01-05 12:30:58 ..S.R 235 555 230,03 K

   gdi32.dll Thu 2005-12-29 3:56:06 A.... 280 064 273,50 K

   gp82l3~1.dll Sat 2006-01-14 11:04:46 ..S.R 234 061 228,57 K

   hr0205~1.dll Sat 2006-01-07 12:03:02 ..S.R 236 033 230,50 K

   hr8405~1.dll Sun 2006-01-08 14:25:52 ..S.R 234 640 229,14 K

   ihsecsnp.dll Sat 2006-01-14 13:20:12 ..S.R 236 299 230,76 K

   ir4ol5~1.dll Thu 2006-01-12 9:58:54 ..S.R 233 920 228,44 K

   ir50_32.dll Fri 2006-01-20 15:43:56 A.... 755 200 737,50 K

   irrql5~1.dll Sun 2006-01-15 10:53:50 ..S.R 234 976 229,47 K

   jtnm07~1.dll Mon 2006-01-16 18:40:28 ..S.R 233 326 227,86 K

   k2pmlc~1.dll Tue 2006-01-10 11:44:14 ..S.R 237 280 231,72 K

   kqmfg.dll Tue 2006-01-03 12:36:04 A.... 24 064 23,50 K

   kt6sl7~1.dll Mon 2006-01-16 15:14:26 ..S.R 234 131 228,64 K

   ktlsl7~1.dll Tue 2006-01-03 13:41:14 ..S.R 236 009 230,48 K

   ktp8l7~1.dll Tue 2006-01-17 22:00:08 ..S.R 237 322 231,76 K

   l4r00e~1.dll Sun 2006-01-08 13:45:56 ..S.R 234 249 228,76 K

   l88m0i~1.dll Sat 2006-01-21 19:15:02 ..S.R 235 748 230,22 K

   lv6u09~1.dll Wed 2006-01-18 9:59:50 ..S.R 237 196 231,64 K

   mplvpx.dll Thu 2006-01-12 14:06:46 A.... 245 760 240,00 K

   mqftedit.dll Wed 2006-01-04 15:40:22 ..S.R 237 088 231,53 K

   mshtml.dll Thu 2005-11-24 1:39:22 A.... 3 013 632 2,87 M

   mv8ml9~1.dll Sat 2006-01-21 15:29:14 ..S.R 236 749 231,20 K

   n46qle~1.dll Tue 2006-01-10 21:13:38 ..S.R 234 030 228,54 K

   ncwrsel.dll Tue 2006-01-03 13:52:14 ..S.R 236 009 230,48 K

   nisdexts.dll Fri 2006-01-20 15:30:36 ..S.R 237 196 231,64 K

   o4480e~1.dll Thu 2006-01-12 23:21:46 ..S.R 236 518 230,97 K

   o6840g~1.dll Tue 2006-01-10 16:54:52 ..S.R 236 594 231,05 K

   ogg.dll Thu 2006-01-12 14:09:04 A.... 45 056 44,00 K

   oggds.dll Thu 2006-01-12 14:10:42 A.... 237 568 232,00 K

   q068la~1.dll Tue 2006-01-03 19:40:14 ..S.R 234 178 228,69 K

   shdocvw.dll Thu 2005-12-01 4:34:28 A.... 1 492 480 1,42 M

   stfolder.dll Tue 2006-01-03 21:38:44 ..S.R 234 178 228,69 K

   svardssp.dll Tue 2006-01-03 19:40:14 ..S.R 235 944 230,41 K

   t2r80c~1.dll Fri 2006-01-20 22:39:36 ..S.R 237 196 231,64 K

   t2r8lc~1.dll Sat 2006-01-21 19:24:38 ..S.R 234 194 228,70 K

   t68u0g~1.dll Tue 2006-01-10 16:59:52 ..S.R 236 108 230,57 K

   urlmon.dll Sat 2005-11-05 4:18:08 A.... 605 184 591,00 K

   vorbis.dll Thu 2006-01-12 14:09:16 A.... 188 416 184,00 K

   vorbis~1.dll Thu 2006-01-12 14:10:24 A.... 921 600 900,00 K

   wmv9vcm.dll Thu 2006-01-12 14:08:58 A.... 1 415 680 1,35 M

   wsp.dll Fri 2006-01-13 21:25:10 ..S.R 236 299 230,76 K

   wwv9vcm.dll Sat 2006-01-21 19:31:46 ..S.R 235 560 230,04 K

   xvid.dll Thu 2006-01-12 14:01:36 A.... 626 688 612,00 K

   xvidcore.dll Thu 2006-01-12 14:03:02 A.... 675 840 660,00 K

   xvidvfw.dll Thu 2006-01-12 14:03:28 A.... 155 648 152,00 K


58 items found: 58 files (37 H/S), 0 directories.

   Total of file sizes: 22 762 738 bytes 21,71 M

Locate .tmp files:


No matches found.

**********************************************************************************

Directory Listing of system files:

 Wolumin w stacji C nie ma etykiety.

 Numer seryjny woluminu: E887-EE8F


 Katalog: C:\WINDOWS\System32


2006-01-21 20:22    




And the second one, saved in "log.txt", is:

[code]
L2mfix 010406
Creating Account.
Polecenie zostao wykonane pomylnie.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 484 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 584 'winlogon.exe'
Killing PID 584 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1324 'rundll32.exe'

Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratorzy ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Liczba skopiowanych plik˘w: 1.
Deleting: C:\WINDOWS\system32\azaol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\azaol5h31.dll
Deleting: C:\WINDOWS\system32\dlband.dll
Successfully Deleted: C:\WINDOWS\system32\dlband.dll
Deleting: C:\WINDOWS\system32\dqwsock.dll
Successfully Deleted: C:\WINDOWS\system32\dqwsock.dll
Deleting: C:\WINDOWS\system32\en00l1dm1.dll
Successfully Deleted: C:\WINDOWS\system32\en00l1dm1.dll
Deleting: C:\WINDOWS\system32\en68l1ju1.dll
Successfully Deleted: C:\WINDOWS\system32\en68l1ju1.dll
Deleting: C:\WINDOWS\system32\enjml1111.dll
Successfully Deleted: C:\WINDOWS\system32\enjml1111.dll
Deleting: C:\WINDOWS\system32\fvcfg.dll
Successfully Deleted: C:\WINDOWS\system32\fvcfg.dll
Deleting: C:\WINDOWS\system32\g4jo0e13eh.dll
Successfully Deleted: C:\WINDOWS\system32\g4jo0e13eh.dll
Deleting: C:\WINDOWS\system32\gp82l3lo1.dll
Successfully Deleted: C:\WINDOWS\system32\gp82l3lo1.dll
Deleting: C:\WINDOWS\system32\hr0205doe.dll
Successfully Deleted: C:\WINDOWS\system32\hr0205doe.dll
Deleting: C:\WINDOWS\system32\hr8405lqe.dll
Successfully Deleted: C:\WINDOWS\system32\hr8405lqe.dll
Deleting: C:\WINDOWS\system32\ihsecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\ihsecsnp.dll
Deleting: C:\WINDOWS\system32\ir4ol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ol5h31.dll
Deleting: C:\WINDOWS\system32\irrql5951.dll
Successfully Deleted: C:\WINDOWS\system32\irrql5951.dll
Deleting: C:\WINDOWS\system32\jtnm0751e.dll
Successfully Deleted: C:\WINDOWS\system32\jtnm0751e.dll
Deleting: C:\WINDOWS\system32\k2pmlc711f.dll
Successfully Deleted: C:\WINDOWS\system32\k2pmlc711f.dll
Deleting: C:\WINDOWS\system32\kt6sl7j71.dll
Successfully Deleted: C:\WINDOWS\system32\kt6sl7j71.dll
Deleting: C:\WINDOWS\system32\ktlsl7371.dll
Successfully Deleted: C:\WINDOWS\system32\ktlsl7371.dll
Deleting: C:\WINDOWS\system32\ktp8l77u1.dll
Successfully Deleted: C:\WINDOWS\system32\ktp8l77u1.dll
Deleting: C:\WINDOWS\system32\l4r00e9meh.dll
Successfully Deleted: C:\WINDOWS\system32\l4r00e9meh.dll
Deleting: C:\WINDOWS\system32\l88m0il1e8q.dll
Successfully Deleted: C:\WINDOWS\system32\l88m0il1e8q.dll
Deleting: C:\WINDOWS\system32\lv6u09j9e.dll
Successfully Deleted: C:\WINDOWS\system32\lv6u09j9e.dll
Deleting: C:\WINDOWS\system32\mqftedit.dll
Successfully Deleted: C:\WINDOWS\system32\mqftedit.dll
Deleting: C:\WINDOWS\system32\mv8ml9l11.dll
Successfully Deleted: C:\WINDOWS\system32\mv8ml9l11.dll
Deleting: C:\WINDOWS\system32\n46qlej51ho.dll
Successfully Deleted: C:\WINDOWS\system32\n46qlej51ho.dll
Deleting: C:\WINDOWS\system32\ncwrsel.dll
Successfully Deleted: C:\WINDOWS\system32\ncwrsel.dll
Deleting: C:\WINDOWS\system32\nisdexts.dll
Successfully Deleted: C:\WINDOWS\system32\nisdexts.dll
Deleting: C:\WINDOWS\system32\o4480ehueh480.dll
Successfully Deleted: C:\WINDOWS\system32\o4480ehueh480.dll
Deleting: C:\WINDOWS\system32\o6840glqe6qe0.dll
Successfully Deleted: C:\WINDOWS\system32\o6840glqe6qe0.dll
Deleting: C:\WINDOWS\system32\q068laju1do8.dll
Successfully Deleted: C:\WINDOWS\system32\q068laju1do8.dll
Deleting: C:\WINDOWS\system32\stfolder.dll
Successfully Deleted: C:\WINDOWS\system32\stfolder.dll
Deleting: C:\WINDOWS\system32\svardssp.dll
Successfully Deleted: C:\WINDOWS\system32\svardssp.dll
Deleting: C:\WINDOWS\system32\t2r80c9uef.dll
Successfully Deleted: C:\WINDOWS\system32\t2r80c9uef.dll
Deleting: C:\WINDOWS\system32\t2r8lc9u1f.dll
Successfully Deleted: C:\WINDOWS\system32\t2r8lc9u1f.dll
Deleting: C:\WINDOWS\system32\t68u0gl9e6q.dll
Successfully Deleted: C:\WINDOWS\system32\t68u0gl9e6q.dll
Deleting: C:\WINDOWS\system32\wsp.dll
Successfully Deleted: C:\WINDOWS\system32\wsp.dll
Deleting: C:\WINDOWS\system32\WWV9VCM.dll
Successfully Deleted: C:\WINDOWS\system32\WWV9VCM.dll

msg11?.dll
Liczba skopiowanych plik˘w: 0.

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\azaol5h31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\azaol5h31.dll
C:\WINDOWS\system32\dlband.dll
C:\WINDOWS\system32\dqwsock.dll
C:\WINDOWS\system32\en00l1dm1.dll
C:\WINDOWS\system32\en68l1ju1.dll
C:\WINDOWS\system32\enjml1111.dll
C:\WINDOWS\system32\fvcfg.dll
C:\WINDOWS\system32\g4jo0e13eh.dll
C:\WINDOWS\system32\gp82l3lo1.dll
C:\WINDOWS\system32\hr0205doe.dll
C:\WINDOWS\system32\hr8405lqe.dll
C:\WINDOWS\system32\ihsecsnp.dll
C:\WINDOWS\system32\ir4ol5h31.dll
C:\WINDOWS\system32\irrql5951.dll
C:\WINDOWS\system32\jtnm0751e.dll
C:\WINDOWS\system32\k2pmlc711f.dll
C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\ktlsl7371.dll
C:\WINDOWS\system32\ktp8l77u1.dll
C:\WINDOWS\system32\l4r00e9meh.dll
C:\WINDOWS\system32\l88m0il1e8q.dll
C:\WINDOWS\system32\lv6u09j9e.dll
C:\WINDOWS\system32\mqftedit.dll
C:\WINDOWS\system32\mv8ml9l11.dll
C:\WINDOWS\system32\n46qlej51ho.dll
C:\WINDOWS\system32\ncwrsel.dll
C:\WINDOWS\system32\nisdexts.dll
C:\WINDOWS\system32\o4480ehueh480.dll
C:\WINDOWS\system32\o6840glqe6qe0.dll
C:\WINDOWS\system32\q068laju1do8.dll
C:\WINDOWS\system32\stfolder.dll
C:\WINDOWS\system32\svardssp.dll
C:\WINDOWS\system32\t2r80c9uef.dll
C:\WINDOWS\system32\t2r8lc9u1f.dll
C:\WINDOWS\system32\t68u0gl9e6q.dll
C:\WINDOWS\system32\wsp.dll
C:\WINDOWS\system32\WWV9VCM.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nisdexts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}\InprocServer32]
@="C:\\WINDOWS\\system32\\WWV9VCM.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}"=-
"{7804DAFB-9096-4018-A0EA-C34B229A1548}"=-

[-HKEY_CLASSES_ROOT\CLSID\{571C9F2E-006A-4A70-B495-0B01DA1FFD6F}]

[-HKEY_CLASSES_ROOT\CLSID\{7804DAFB-9096-4018-A0EA-C34B229A1548}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 0

Zipping up files for submission:
  adding: dlls/azaol5h31.dll (164 bytes security) (deflated 5%)
  adding: dlls/dlband.dll (164 bytes security) (deflated 5%)
  adding: dlls/dqwsock.dll (164 bytes security) (deflated 5%)
  adding: dlls/en00l1dm1.dll (164 bytes security) (deflated 6%)
  adding: dlls/en68l1ju1.dll (164 bytes security) (deflated 5%)
  adding: dlls/enjml1111.dll (164 bytes security) (deflated 4%)
  adding: dlls/fvcfg.dll (164 bytes security) (deflated 6%)
  adding: dlls/g4jo0e13eh.dll (164 bytes security) (deflated 5%)
  adding: dlls/gp82l3lo1.dll (164 bytes security) (deflated 5%)
  adding: dlls/hr0205doe.dll (164 bytes security) (deflated 5%)
  adding: dlls/hr8405lqe.dll (164 bytes security) (deflated 5%)
  adding: dlls/ihsecsnp.dll (164 bytes security) (deflated 5%)
  adding: dlls/ir4ol5h31.dll (164 bytes security) (deflated 4%)
  adding: dlls/irrql5951.dll (164 bytes security) (deflated 5%)
  adding: dlls/jtnm0751e.dll (164 bytes security) (deflated 4%)
  adding: dlls/k2pmlc711f.dll (164 bytes security) (deflated 6%)
  adding: dlls/kt6sl7j71.dll (164 bytes security) (deflated 5%)
  adding: dlls/ktlsl7371.dll (164 bytes security) (deflated 5%)
  adding: dlls/ktp8l77u1.dll (164 bytes security) (deflated 6%)
  adding: dlls/l4r00e9meh.dll (164 bytes security) (deflated 5%)
  adding: dlls/l88m0il1e8q.dll (164 bytes security) (deflated 5%)
  adding: dlls/lv6u09j9e.dll (164 bytes security) (deflated 6%)
  adding: dlls/mqftedit.dll (164 bytes security) (deflated 5%)
  adding: dlls/mv8ml9l11.dll (164 bytes security) (deflated 6%)
  adding: dlls/n46qlej51ho.dll (164 bytes security) (deflated 5%)
  adding: dlls/ncwrsel.dll (164 bytes security) (deflated 5%)
  adding: dlls/nisdexts.dll (164 bytes security) (deflated 6%)
  adding: dlls/o4480ehueh480.dll (164 bytes security) (deflated 5%)
  adding: dlls/o6840glqe6qe0.dll (164 bytes security) (deflated 6%)
  adding: dlls/q068laju1do8.dll (164 bytes security) (deflated 4%)
  adding: dlls/stfolder.dll (164 bytes security) (deflated 4%)
  adding: dlls/svardssp.dll (164 bytes security) (deflated 5%)
  adding: dlls/t2r80c9uef.dll (164 bytes security) (deflated 6%)
  adding: dlls/t2r8lc9u1f.dll (164 bytes security) (deflated 5%)
  adding: dlls/t68u0gl9e6q.dll (164 bytes security) (deflated 5%)
  adding: dlls/wsp.dll (164 bytes security) (deflated 5%)
  adding: dlls/WWV9VCM.dll (164 bytes security) (deflated 5%)
  adding: backregs/571C9F2E-006A-4A70-B495-0B01DA1FFD6F.reg (188 bytes security) (deflated 70%)
  adding: backregs/7804DAFB-9096-4018-A0EA-C34B229A1548.reg (188 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 63%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)
[/code]

If I messed something up, let me know =] cheers


(Gutek) #7

Post log no. 1 from the L2Mfix tool and the log from Find-Qoologic: unpack it and run Find-Qoologic.bat, and a screen like this will appear:

qoologic.png

and type 1 on the keyboard, just like in L2Mfix, and confirm with ENTER. When the log is ready, paste it, so that is 2 logs, plus a 3rd log from Silent - Silent description: http://www.searchengines.pl/phpbb203/in ... opic=15989


(Wieliczka Marcin) #8

I launch the l2mfix tool l2mfix.png

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

  6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\azaol5h31.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

  6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001


**********************************************************************************

useragent:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"SV1"=""

"Neostrada TP 6.1"="IEAKFT"


**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powoki dla hosta skrypt˘w systemu Windows"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona waciwoci Poprzednie wersje"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Eksplorator pulpit˘w"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"


**********************************************************************************

HKEY ROOT CLASSIDS:

**********************************************************************************

Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\

   arcaon~1.dll Fri 2005-12-16 9:43:02 A.... 630 784 616,00 K

   bassmod.dll Mon 2005-12-26 21:25:26 A.... 34 308 33,50 K

   browseui.dll Thu 2005-11-24 1:39:20 A.... 1 022 464 998,50 K

   cpuinf32.dll Thu 2006-01-12 14:06:06 A.... 9 216 9,00 K

   danim.dll Sat 2005-11-05 4:18:02 A.... 1 055 744 1,00 M

   divx.dll Thu 2006-01-12 14:04:52 A.... 609 280 595,00 K

   gdi32.dll Thu 2005-12-29 3:56:06 A.... 280 064 273,50 K

   ir50_32.dll Fri 2006-01-20 15:43:56 A.... 755 200 737,50 K

   kqmfg.dll Tue 2006-01-03 12:36:04 A.... 24 064 23,50 K

   mplvpx.dll Thu 2006-01-12 14:06:46 A.... 245 760 240,00 K

   mshtml.dll Thu 2005-11-24 1:39:22 A.... 3 013 632 2,87 M

   ogg.dll Thu 2006-01-12 14:09:04 A.... 45 056 44,00 K

   oggds.dll Thu 2006-01-12 14:10:42 A.... 237 568 232,00 K

   shdocvw.dll Thu 2005-12-01 4:34:28 A.... 1 492 480 1,42 M

   urlmon.dll Sat 2005-11-05 4:18:08 A.... 605 184 591,00 K

   vorbis.dll Thu 2006-01-12 14:09:16 A.... 188 416 184,00 K

   vorbis~1.dll Thu 2006-01-12 14:10:24 A.... 921 600 900,00 K

   wmv9vcm.dll Thu 2006-01-12 14:08:58 A.... 1 415 680 1,35 M

   xvid.dll Thu 2006-01-12 14:01:36 A.... 626 688 612,00 K

   xvidcore.dll Thu 2006-01-12 14:03:02 A.... 675 840 660,00 K

   xvidvfw.dll Thu 2006-01-12 14:03:28 A.... 155 648 152,00 K


21 items found: 21 files, 0 directories.

   Total of file sizes: 14 044 676 bytes 13,39 M

Locate .tmp files:


No matches found.

**********************************************************************************

Directory Listing of system files:

 Wolumin w stacji C nie ma etykiety.

 Numer seryjny woluminu: E887-EE8F


 Katalog: C:\WINDOWS\System32


2006-01-21 20:22    






And in the Find-Qoologic tool I do practically the same thing, so option 1 again, and this pops up

[code]
Find Qoologic last edited 01/08/2006
Running from C:\Documents and Settings\Top_One\Moje dokumenty\suski.feniks@neostrada.pl\Find-Qoologic\Find-Qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
C:\WINDOWS\SYSTEM32\KQMFG.DLL
C:\WINDOWS\NECVBB.DAT

»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT*\shellex\ContextMenuHandlers\msyfgggt]
@="{123fc6d7-908a-49d7-bb65-ceb14addeb5c}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions{9E248641-0E24-4DDB-9A1F-705087832AD6}]
[/code]

If something is wrong, write again, and I'll reply tomorrow because I've got to run =] Cheers and thanks a lot =]


(Gutek) #9

Open Notepad and paste this into it:

File >>> Save As >>> Change the extension from TXT to All Files >>> Save under the name FIX.REG

Boot into Safe Mode and use Pocket Killbox. Select the Delete on Reboot option and All Files, and in the Full Path of File to Delete field paste the paths

C:\WINDOWS\System32\azaol5h31.dll

C:\WINDOWS\SYSTEM32\KQMFG.DLL

C:\WINDOWS\NECVBB.DAT and press the red X. The program will ask to restart the computer ... Confirm and restart the computer, choosing Safe Mode again.

Run the FIX.REG file by double-clicking it and confirming the prompt that appears.

The only file I don't recognize is kqmfg.dll; I don't know which codec it belongs to, or is it junk?

After all that, a log from SILENT!!!


(Wieliczka Marcin) #10

And what is the purpose of doing this? Please answer =]

Post merged: 22.01.2006 (Sun) 0:01

I did everything as written, and here is the log, only I don't know if I made it correctly because the given link doesn't seem to work:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Top_One\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Top_One" & "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{215940F1-E7E0-4801-BEE3-44D045534106}\

"ButtonText" = "Wyslij SMS'a"

"Script" = "C:\Program Files\Common Files\moje.js" [null data]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\


Missing lines (compared with English-language version):

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 21 seconds, including 3 seconds for message boxes)

cheers


(Gutek) #11

It's OK now