Nieustannie wyskakujące okienka

Dudzix · 18 Lipiec 2006 12:18

Logfile of HijackThis v1.99.1

Scan saved at 14:10:01, on 2006-07-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\xxx\Pulpit\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O4 - HKLM…\RunServices: [winlog] winlog.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{6C796DB7-5CFF-4EB6-889A-50EB2A8938C3}: NameServer = 194.204.152.34,194.204.159.1 O17 - HKLM\System\CS1\Services\Tcpip…{6C796DB7-5CFF-4EB6-889A-50EB2A8938C3}: NameServer = 194.204.152.34,194.204.159.1 O17 - HKLM\System\CS2\Services\Tcpip…{6C796DB7-5CFF-4EB6-889A-50EB2A8938C3}: NameServer = 194.204.152.34,194.204.159.1 O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\jt2m07f1e.dll

Co jest nie tak?

Cały czas wyskakują mi okienka, w mozilli otwierane, cos tam piszą, “poznaj 20 osob samotnych ze swojego regionu” zeskanowałem w trybie awaryjnym spybot - Search & Destroy i mksem nie idzie usunąć pliku: C:\WINDOWS\system32\sbrvdeps.dll_tobedeleted

Prosiłbym o szybką odpowiedz bo zaraz mnie szlag trafi

kuz5 · 18 Lipiec 2006 12:25

Widziałeś ten komunikat Ważny komunikat dotyczący tytułowania tematów zastosuj sie do niego => inaczej temat poleci do śmietnika :evil:

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jezeli któryś z nich bedzie na żółto to go zostaw)

Pliki i foldery na czerwono usuń ręcznie z dysku a wpisy w HijackThis (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Użyj Look2Me-Destroyer a następnie daj log nr 1 z narzedzia L2Mfix

Dudzix · 18 Lipiec 2006 13:16

wpisy usunełem a a jak mam te czerwone usunąć?

Myszak · 18 Lipiec 2006 13:19

C:\Program Files\RXToolBar\sfcont.dll - udaj się do tej lokalizacji i skasuj ten folder --> RXTTolllBar.

Znajdź ten plik --> winlog.exe i go skasuj (może być w C:\Windows\System32)

Robiszt to rzecz jasna - w trybie awaryjnym z wyłączonym przywracaniem systemu.

No i daj log z

Dudzix · 18 Lipiec 2006 13:41

C:\Program Files\ RXToolBar \sfcont.dll

tego tam nie ma,

winlog.exe

tego nigdzie nie ma :/.(jest tylko winlogon.exe)

Look2Me-Destroyer - to nie działa, nie uruchamia sie po 1 min, ani nie ma tego w zaplanowanych zadaniach.

L2Mfix - a tego nie czaje :(?

Dodam, że okienka ciagle wyskakują…

kuz5 · 18 Lipiec 2006 13:58

Powoli najpierw ubijemy VX2

Pozamykaj wszystkie aktywne okna i dopiero spróbuj , zrób to w trybie awaryjnym

Odpalasz narzędzie wklepujesz 1 i klikasz enter , zostanie wygenerowany log który wklejasz na forum

Dudzix · 18 Lipiec 2006 14:11

tak robilem i nie udało sie.

adam9870 · 18 Lipiec 2006 14:16

Spośród plików uruchom l2mfix.bat ;]

Nie możliwe

kuz5 · 18 Lipiec 2006 14:22

A dla ułatwienia jest to plik zaznaczony na czerwono

Dudzix · 18 Lipiec 2006 14:22

ha!

a co to tego look2me to nie dziala cos

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony] “Asynchronous”=dword:00000000 “DllName”=“C:\WINDOWS\system32\fplq0335e.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{ED99D9BC-3A2C-2897-4211-985010C3449A}”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{73B24247-042E-4EF5-ADC2-42F62E6FD654}”=“ICQ Lite Shell Extension” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}”=“PhoneBrowser” “{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}”="" “{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}”="" “{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}”="" “{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}”="" “{D2A3FE7B-CB38-4334-A12A-059770BDC025}”="" “{CD3106BC-D753-4F47-BA10-986201708897}”="" “{84FB08C7-48BA-4667-A82F-6E30E06BC793}”="" “{9795CF13-98CB-4E05-A2B9-D603FF2B626F}”="" “{3DD0404B-577A-4071-AE4E-785D12BD2DE7}”="" “{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}”="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}] @="" “IDEx”=“ADDR” [HKEY_CLASSES_ROOT\CLSID{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}\InprocServer32] @=“C:\WINDOWS\system32\iXssdo.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}] @="" “IDEx”=“ADDR” [HKEY_CLASSES_ROOT\CLSID{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}\InprocServer32] @=“C:\WINDOWS\system32\mbupgrd.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}] @="" “IDEx”=“ADDR” [HKEY_CLASSES_ROOT\CLSID{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}\InprocServer32] @=“C:\WINDOWS\system32\mncpx32r.dLL” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}] @="" [HKEY_CLASSES_ROOT\CLSID{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}\InprocServer32] @=“C:\WINDOWS\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{D2A3FE7B-CB38-4334-A12A-059770BDC025}] @="" [HKEY_CLASSES_ROOT\CLSID{D2A3FE7B-CB38-4334-A12A-059770BDC025}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{D2A3FE7B-CB38-4334-A12A-059770BDC025}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{D2A3FE7B-CB38-4334-A12A-059770BDC025}\InprocServer32] @=“C:\WINDOWS\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{CD3106BC-D753-4F47-BA10-986201708897}] @="" [HKEY_CLASSES_ROOT\CLSID{CD3106BC-D753-4F47-BA10-986201708897}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{CD3106BC-D753-4F47-BA10-986201708897}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{CD3106BC-D753-4F47-BA10-986201708897}\InprocServer32] @=“C:\WINDOWS\system32\drsrslvr.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{84FB08C7-48BA-4667-A82F-6E30E06BC793}] @="" [HKEY_CLASSES_ROOT\CLSID{84FB08C7-48BA-4667-A82F-6E30E06BC793}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{84FB08C7-48BA-4667-A82F-6E30E06BC793}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{84FB08C7-48BA-4667-A82F-6E30E06BC793}\InprocServer32] @=“C:\WINDOWS\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{9795CF13-98CB-4E05-A2B9-D603FF2B626F}] @="" [HKEY_CLASSES_ROOT\CLSID{9795CF13-98CB-4E05-A2B9-D603FF2B626F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{9795CF13-98CB-4E05-A2B9-D603FF2B626F}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{9795CF13-98CB-4E05-A2B9-D603FF2B626F}\InprocServer32] @=“C:\WINDOWS\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{3DD0404B-577A-4071-AE4E-785D12BD2DE7}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD0404B-577A-4071-AE4E-785D12BD2DE7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{3DD0404B-577A-4071-AE4E-785D12BD2DE7}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD0404B-577A-4071-AE4E-785D12BD2DE7}\InprocServer32] @=“C:\WINDOWS\system32\alcups.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}] @="" [HKEY_CLASSES_ROOT\CLSID{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}\InprocServer32] @=“C:\WINDOWS\system32\guard.tmp” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ alcups.dll Tue 2006-07-18 14:30:44 …S.R 235 533 230,01 K bszip.dll Tue 2006-07-18 0:44:56 A… 62 464 61,00 K connapi.dll Thu 2006-04-27 10:03:08 A… 243 712 238,00 K daapi.dll Thu 2006-04-27 10:33:10 A… 207 872 203,00 K fplq03~1.dll Tue 2006-07-18 14:30:44 … 236 066 230,53 K hrpo05~1.dll Tue 2006-07-18 14:33:24 …S.R 236 597 231,05 K l28mlc~1.dll Tue 2006-07-18 0:50:12 …S.R 235 115 229,60 K l6n40g~1.dll Tue 2006-07-18 15:03:00 …S.R 236 066 230,53 K m6julg~1.dll Tue 2006-07-18 0:55:20 …S.R 236 188 230,65 K m8poli~1.dll Tue 2006-07-18 14:30:50 …S.R 237 220 231,66 K ncltools.dll Thu 2006-04-27 10:02:52 A… 60 416 59,00 K salgntfy.dll Tue 2006-07-18 15:05:14 … 236 066 230,53 K sbrvde~1.dll Tue 2006-07-18 13:53:24 … 234 272 228,78 K skaner~1.dll Thu 2006-07-13 10:51:20 A… 700 184 683,77 K 14 items found: 14 files (6 H/S), 0 directories. Total of file sizes: 3 397 771 bytes 3,24 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Tue 2006-07-18 15:06:14 …S.R 236 066 230,53 K setupe~1.tmp Tue 2006-07-18 0:45:36 A… 32 768 32,00 K 2 items found: 2 files (1 H/S), 0 directories. Total of file sizes: 268 834 bytes 262,53 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 08B1-FA24 Katalog: C:\WINDOWS\System32 2006-07-18 16:20 2006-07-18 16:20 2006-07-18 15:06 236˙066 guard.tmp 2006-07-18 15:02 236˙066 l6n40g5qe6.dll 2006-07-18 14:33 236˙597 hrpo0573e.dll 2006-07-18 14:30 237˙220 m8poli7318.dll 2006-07-18 14:30 235˙533 alcups.dll 2006-07-18 00:55 236˙188 m6julg1916.dll 2006-07-18 00:50 235˙115 l28mlcl11fq.dll 2006-07-18 00:48 2006-06-30 20:13 2˙516 KGyGaAvL.sys 2005-12-03 13:34 2001-10-26 19:29 175˙104 winlog.exe 9 plik(˘w) 1˙830˙405 bajt˘w 4 katalog(˘w) 27˙616˙591˙872 bajt˘w wolnych

kuz5 · 18 Lipiec 2006 14:37

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{ED99D9BC-3A2C-2897-4211-985010C3449A}”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}”=- “{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}”=- “{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}”=- “{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}”=- “{D2A3FE7B-CB38-4334-A12A-059770BDC025}”=- “{CD3106BC-D753-4F47-BA10-986201708897}”=- “{84FB08C7-48BA-4667-A82F-6E30E06BC793}”=- “{9795CF13-98CB-4E05-A2B9-D603FF2B626F}”=- “{3DD0404B-577A-4071-AE4E-785D12BD2DE7}”=- “{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}”=- [-HKEY_CLASSES_ROOT\CLSID{12030EAE-7FF6-4637-90E7-6CC0CDD2C6ED}] [-HKEY_CLASSES_ROOT\CLSID{8EFED3F0-A584-49AD-A3DF-B6212D6E8E53}] [-HKEY_CLASSES_ROOT\CLSID{2EEDBBC5-B6CE-456A-BD93-7F3ED533D757}] [-HKEY_CLASSES_ROOT\CLSID{1A71BCE7-F861-44CA-9DC4-E8EDD0D78033}] [-HKEY_CLASSES_ROOT\CLSID{D2A3FE7B-CB38-4334-A12A-059770BDC025}] [-HKEY_CLASSES_ROOT\CLSID{CD3106BC-D753-4F47-BA10-986201708897}] [-HKEY_CLASSES_ROOT\CLSID{84FB08C7-48BA-4667-A82F-6E30E06BC793}] [-HKEY_CLASSES_ROOT\CLSID{9795CF13-98CB-4E05-A2B9-D603FF2B626F}] [-HKEY_CLASSES_ROOT\CLSID{3DD0404B-577A-4071-AE4E-785D12BD2DE7}] [-HKEY_CLASSES_ROOT\CLSID{4CF9534B-E738-4383-9D5E-6129FEB6AF8C}]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H drsrslvr.dll

ATTRIB -R-S-H mncpx32r.dLL

ATTRIB -R-S-H mbupgrd.dll

ATTRIB -R-S-H iXssdo.dll

ATTRIB -R-S-H fplq0335e.dll

ATTRIB -R-S-H l6n40g5qe6.dll

ATTRIB -R-S-H hrpo0573e.dll

ATTRIB -R-S-H m8poli7318.dll

ATTRIB -R-S-H alcups.dll

ATTRIB -R-S-H m6julg1916.dll

ATTRIB -R-S-H l28mlcl11fq.dll

DEL drsrslvr.dll

DEL mncpx32r.dLL

DEL mbupgrd.dll

DEL iXssdo.dll

DEL fplq0335e.dll

DEL guard.tmp

DEL l6n40g5qe6.dll

DEL hrpo0573e.dll

DEL m8poli7318.dll

DEL alcups.dll

DEL m6julg1916.dll

DEL l28mlcl11fq.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz nowego loga L2MFix robionego z opcji 1.