Inwazna robaczków


(Timoneq) #1

CO MAM Z TEGO USUNĄĆ??

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5


(Gutek) #2

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki i folder, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

zastosuj Usuwanie tapety SpySheriff

zobacz Usuwanie VX2.BetterInternet i daj log nr 1 z narzędzia L2Mfix


(Timoneq) #3

i co dalej??

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]

"Asynchronous"=dword:00000000

"DllName"="C:\WINDOWS\system32\g204lcdq1f0e.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

"DLLName"="wzcdlg.dll"

"Logon"="WZCEventLogon"

"Logoff"="WZCEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000000

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{DAAACE7D-95A1-76E7-C7FA-E78636B1A085}"=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powoki dla hosta skrypt˘w systemu Windows"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{C24568AA-6DA1-49A2-B263-512332C49EC7}"=""

"{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}"=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}]

@=""

"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{C24568AA-6DA1-49A2-B263-512332C49EC7}\InprocServer32]

@="C:\WINDOWS\system32\dtskmon.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}]

@=""

[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{2974D59F-C4C0-4C3C-845E-ADDFA872CB84}\InprocServer32]

@="C:\WINDOWS\system32\mktext40.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

azaol7~1.dll Mon 2006-01-09 15:51:10 ..S.R 234 099 228,61 K

browseui.dll Thu 2005-11-24 1:39:20 A.... 1 022 464 998,50 K

cdfview.dll Fri 2005-10-21 4:42:08 A.... 151 552 148,00 K

danim.dll Sat 2005-11-05 4:18:02 A.... 1 055 744 1,00 M

dn0u01~1.dll Mon 2006-01-09 17:01:50 ..S.R 234 858 229,35 K

dxtrans.dll Fri 2005-10-21 4:42:08 A.... 205 312 200,50 K

esent.dll Thu 2005-10-20 23:30:54 A.... 1 092 608 1,04 M

extmgr.dll Fri 2005-10-21 4:42:08 ..... 55 808 54,50 K

g204lc~1.dll Mon 2006-01-09 19:49:14 ..S.R 233 957 228,47 K

gdi32.dll Thu 2005-12-29 3:56:06 A.... 280 064 273,50 K

iepeers.dll Fri 2005-10-21 4:42:08 A.... 251 392 245,50 K

inseng.dll Fri 2005-10-21 4:42:08 A.... 96 768 94,50 K

itagehlp.dll Fri 2006-01-06 15:58:04 ..S.R 236 568 231,02 K

k4no0e~1.dll Mon 2006-01-09 20:32:20 ..S.R 235 562 230,04 K

kt8ol7~1.dll Mon 2006-01-09 15:42:20 ..S.R 233 941 228,46 K

ktl6l7~1.dll Sat 2006-01-07 10:19:14 ..S.R 236 640 231,09 K

l6p20g~1.dll Tue 2006-01-10 16:14:08 ..S.R 233 957 228,47 K

mktext40.dll Tue 2006-01-10 18:21:58 ..... 233 957 228,47 K

mshtml.dll Thu 2005-11-24 1:39:22 A.... 3 013 632 2,87 M

mshtmled.dll Fri 2005-10-21 4:42:10 A.... 448 512 438,00 K

msrating.dll Fri 2005-10-21 4:42:10 A.... 146 432 143,00 K

mstime.dll Fri 2005-10-21 4:42:10 A.... 530 944 518,50 K

nmlanui2.dll Mon 2006-01-09 17:10:56 ..S.R 233 957 228,47 K

nzmsdba.dll Mon 2006-01-09 15:51:10 ..S.R 236 413 230,87 K

pngfilt.dll Fri 2005-10-21 4:42:10 A.... 39 424 38,50 K

shdocvw.dll Thu 2005-12-01 4:34:28 A.... 1 492 480 1,42 M

shlwapi.dll Fri 2005-10-21 4:42:12 A.... 473 600 462,50 K

spmsg.dll Thu 2005-10-13 0:21:28 ..... 16 096 15,72 K

urlmon.dll Sat 2005-11-05 4:18:08 A.... 605 184 591,00 K

wininet.dll Fri 2005-10-21 4:42:12 A.... 660 992 645,50 K

zlbw.dll Thu 2006-01-05 21:05:24 A.... 46 592 45,50 K

31 items found: 31 files (10 H/S), 0 directories.

Total of file sizes: 14 269 509 bytes 13,61 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

guard.tmp Tue 2006-01-10 18:25:58 ..S.R 233 957 228,47 K

1 item found: 1 file (1 H/S), 0 directories.

Total of file sizes: 233 957 bytes 228,47 K

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji C to POTEKTO

Numer seryjny woluminu: 5869-20D5

Katalog: C:\WINDOWS\System32

2006-01-10 18:25 233˙957 guard.tmp

2006-01-10 16:14 233˙957 l6p20g7oe6.dll

2006-01-09 20:32 235˙562 k4no0e53eh.dll

2006-01-09 19:49

2006-01-09 19:49 233˙957 g204lcdq1f0e.dll

2006-01-09 17:10 233˙957 nmlanui2.dll

2006-01-09 17:01 234˙858 dn0u01d9e.dll

2006-01-09 15:51 236˙413 nzmsdba.dll

2006-01-09 15:51 234˙099 azaol7l31.dll

2006-01-09 15:42 233˙941 kt8ol7l31.dll

2006-01-07 10:19 236˙640 ktl6l73s1.dll

2006-01-06 15:58 236˙568 itagehlp.dll

2005-04-15 17:15

11 plik(˘w) 2˙583˙909 bajt˘w

2 katalog(˘w) 4˙581˙740˙544 bajt˘w wolnych


(Gutek) #4

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H l6p20g7oe6.dll

ATTRIB -R-S-H k4no0e53eh.dll

ATTRIB -R-S-H g204lcdq1f0e.dll

ATTRIB -R-S-H nmlanui2.dll

ATTRIB -R-S-H nzmsdba.dll

ATTRIB -R-S-H mktext40.dll

ATTRIB -R-S-H dn0u01d9e.dll

ATTRIB -R-S-H dtskmon.dll

ATTRIB -R-S-H nzmsdba.dll

ATTRIB -R-S-H azaol7l31.dll

ATTRIB -R-S-H kt8ol7l31.dll

ATTRIB -R-S-H ktl6l73s1.dll

ATTRIB -R-S-H itagehlp.dll

ATTRIB -R-S-H zlbw.dll

DEL guard.tmp

DEL l6p20g7oe6.dll

DEL k4no0e53eh.dll

DEL g204lcdq1f0e.dll

DEL nmlanui2.dll

DEL nzmsdba.dll

DEL mktext40.dll

DEL dn0u01d9e.dll

DEL dtskmon.dll

DEL nzmsdba.dll

DEL azaol7l31.dll

DEL kt8ol7l31.dll

DEL ktl6l73s1.dll

DEL itagehlp.dll

DEL zlbw.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz mi nowego loga L2MFix robionego z opcji 1.