Problem z pop-upami

Holy_Sinner · 10 Lipiec 2006 09:04

Witam, jakos wczoraj dziwne rzeczy zaczely sie dziac z moim kompem mianowicie antywir [Avira] zaczal wykrywac pliki zainfekowane jakims wormem, ktore tworzyly sie automatycznie na nowo zaraz po usunieciu, po calkowitym skanie systemu jakos sie z nimi uporalem, Avira pokazuje mi ze mam czysto jesli chodzi o viry. Jednak dalej cos jest nei tak - mianowicie w pewnych [raczej nieregularnych ale nie mierzylem] odstepach czazsu wyskakuja mi popupy z reklamami, i nie wiem jak sie tego pozbyc [moze to problem prosty do rozwiazania, ale mam problem wiec prosze o pomoc :)] w msconfigu wszystko wyglada w porzadku, w menedzerze zadan tez niczego dziwnego nei zauwazylem, wiec postanowilem sprawdzic system za pomoca HijackThis, a ze boje sie samemu wprowadzac zmiany, daje go do sprawdzenia tutaj.

Logfile of HijackThis v1.99.1 Scan saved at 11:06:01, on 2006-07-10 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\mssvcc.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Downloads\Firefox\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7wolf.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [msconfig38] mssvcc.exe O4 - HKLM…\RunServices: [Run Service Vxdrun] vxddirectx32.exe O4 - HKLM…\RunServices: [MS Config] msdconfig.exe O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [secures23] lat.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\RunServices: [Run Service Vxdrun] vxddirectx32.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://81.190.193.145/activex/AMC.cab O17 - HKLM\System\CCS\Services\Tcpip…{1A0FB286-3F75-427B-99EA-0CAFFD335E5C}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{1A0FB286-3F75-427B-99EA-0CAFFD335E5C}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\o8luli3918.dll O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

adam9870 · 10 Lipiec 2006 09:08

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jezeli któryś z nich bedzie na żółto to go zostaw).

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Pliki i foldery zaznaczone usuwasz ręcznie z dysku natomiast wpisy w HijackThis.

Pobierz program Ewido zrób update i przeskanuj.

Użyj Look2Me-Destroyer a następnie daj log nr 1 z narzedzia L2Mfix

Holy_Sinner · 10 Lipiec 2006 13:17

No wiec:

Uzylem WWDC i zrobilem tak jak napisales. Nastepnie odpalilem kompa w trybie awaryjnym, wzialem sie za usuwanie wskazanych plikow, jednak nie moglem znalezc vxddirectx32.exe oraz msdconfig.exe; wpisy w HijackThis poszly bez problemu. Reset, po chwili pojawil sie taki oto komunikat:

Odpalilem Ewido, update i scan, troche tego znalazl, wszystko usuniete badz w kwarantannie oprocz

i usunalem z autosrartu vxddirectx32.exe oraz msdconfig.exe za jego pomoca.

Wzialem sie za Look2me-Destroyer, przy odpalaniu [po kliknieciu na Run this program as a task] pojawil mi sie komunikat o nastepujacej tresci:

oraz komunikat o uruchomieniu programu za minute. Prog sie nei uruchamia, w panel sterowania - zaplanowane zadania nic nie ma oprocz “dodaj zaplanowane zadanie”; probujac uruchomic usluge harmonogramu klikam zaawansowane - Rozpocznij prace… co nic nie daje. W Narzedzia Admonistracyjne - Uslugi znajduje odpowiednia pozycje, wchodze w wlasciwosci, klikam uruchom, chwile czekam i pojawia sie komunikat:

Logu za pomoca L2Mfix zrobie po zresetowaniu kompa.

Gutek · 10 Lipiec 2006 13:22

Daj log z L2Mfix

Holy_Sinner · 10 Lipiec 2006 13:26

Oto i log. Popupy dalej wyskakuja, oraz blad po odpaleniu sie powtorzyl [ten z rundll]

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager] “Asynchronous”=dword:00000000 “DllName”=“C:\WINDOWS\system32\s088lalu1dq8.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{D78ED26F-EE3C-5EF4-17DC-14B93957A0DF}”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”=“Shell Extension for Malware scanning” “{B327765E-D724-4347-8B16-78AE18552FC3}”=“NeroDigitalIconHandler” “{7F1CF152-04F8-453A-B34C-E609530A9DC8}”=“NeroDigitalPropSheetHandler” “{9168446F-099C-4C49-9931-20BDB0512B5E}”="" “{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}”="" “{C897B251-E983-41EC-B081-47E7BF28F84E}”="" “{B0152EF6-E552-4E05-9D75-4AD7804D186F}”="" “{C16AD251-9852-4A54-A649-72838E607273}”="" “{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}”="" “{21219286-6E0B-401C-BADE-1FFC37FBF6E7}”="" “{17689B60-68EE-42A6-8E10-1D3156B0C1BC}”="" “{C29C860C-CAED-4B35-AFFE-A34C9F589E13}”="" “{81A28B16-8A66-4F04-959F-3D89D464F56A}”="" “{07F932A3-7BF8-44F8-91F9-473C07CCA047}”="" “{AE084750-74F5-4D57-8153-96156C0C3587}”="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{9168446F-099C-4C49-9931-20BDB0512B5E}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{9168446F-099C-4C49-9931-20BDB0512B5E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{9168446F-099C-4C49-9931-20BDB0512B5E}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{9168446F-099C-4C49-9931-20BDB0512B5E}\InprocServer32] @=“C:\WINDOWS\system32\WihRm.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}\InprocServer32] @=“C:\WINDOWS\system32\ciusapi.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{C897B251-E983-41EC-B081-47E7BF28F84E}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{C897B251-E983-41EC-B081-47E7BF28F84E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{C897B251-E983-41EC-B081-47E7BF28F84E}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{C897B251-E983-41EC-B081-47E7BF28F84E}\InprocServer32] @=“C:\WINDOWS\system32\cIbinet.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\InprocServer32] @=“C:\WINDOWS\system32\snlwapi.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{C16AD251-9852-4A54-A649-72838E607273}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{C16AD251-9852-4A54-A649-72838E607273}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{C16AD251-9852-4A54-A649-72838E607273}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{C16AD251-9852-4A54-A649-72838E607273}\InprocServer32] @=“C:\WINDOWS\system32\kadlv.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}\InprocServer32] @=“C:\WINDOWS\system32\kadlv1.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{21219286-6E0B-401C-BADE-1FFC37FBF6E7}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{21219286-6E0B-401C-BADE-1FFC37FBF6E7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{21219286-6E0B-401C-BADE-1FFC37FBF6E7}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{21219286-6E0B-401C-BADE-1FFC37FBF6E7}\InprocServer32] @=“C:\WINDOWS\system32\josh400.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{17689B60-68EE-42A6-8E10-1D3156B0C1BC}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{17689B60-68EE-42A6-8E10-1D3156B0C1BC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{17689B60-68EE-42A6-8E10-1D3156B0C1BC}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{17689B60-68EE-42A6-8E10-1D3156B0C1BC}\InprocServer32] @=“C:\WINDOWS\system32\kjdcz.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{C29C860C-CAED-4B35-AFFE-A34C9F589E13}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{C29C860C-CAED-4B35-AFFE-A34C9F589E13}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{C29C860C-CAED-4B35-AFFE-A34C9F589E13}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{C29C860C-CAED-4B35-AFFE-A34C9F589E13}\InprocServer32] @=“C:\WINDOWS\system32\afphelp.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{81A28B16-8A66-4F04-959F-3D89D464F56A}] @="" “IDEx”=“AD” [HKEY_CLASSES_ROOT\CLSID{81A28B16-8A66-4F04-959F-3D89D464F56A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{81A28B16-8A66-4F04-959F-3D89D464F56A}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{81A28B16-8A66-4F04-959F-3D89D464F56A}\InprocServer32] @=“C:\WINDOWS\system32\awippaxx.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{07F932A3-7BF8-44F8-91F9-473C07CCA047}] @="" [HKEY_CLASSES_ROOT\CLSID{07F932A3-7BF8-44F8-91F9-473C07CCA047}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{07F932A3-7BF8-44F8-91F9-473C07CCA047}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{07F932A3-7BF8-44F8-91F9-473C07CCA047}\InprocServer32] @=“C:\WINDOWS\system32\rdm.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{AE084750-74F5-4D57-8153-96156C0C3587}] @="" [HKEY_CLASSES_ROOT\CLSID{AE084750-74F5-4D57-8153-96156C0C3587}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{AE084750-74F5-4D57-8153-96156C0C3587}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{AE084750-74F5-4D57-8153-96156C0C3587}\InprocServer32] @=“C:\WINDOWS\system32\kvdcz.dll” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ ati2cqag.dll Wed 2006-05-03 18:09:20 A… 282 624 276,00 K ati2dvag.dll Wed 2006-05-03 18:51:00 A… 258 048 252,00 K ati2edxx.dll Wed 2006-05-03 18:45:08 A… 41 984 41,00 K ati2evxx.dll Wed 2006-05-03 18:44:56 A… 61 440 60,00 K ati3duag.dll Wed 2006-05-03 18:35:26 A… 2 693 280 2,57 M atiddc.dll Wed 2006-05-03 18:43:14 A… 53 248 52,00 K atidemgr.dll Wed 2006-05-03 18:12:26 A… 286 720 280,00 K atiiiexx.dll Wed 2006-05-03 18:54:10 A… 307 200 300,00 K atikvmag.dll Wed 2006-05-03 18:15:58 A… 151 552 148,00 K atioglx1.dll Wed 2006-05-03 18:21:20 A… 6 684 672 6,38 M atioglxx.dll Wed 2006-05-03 18:18:04 A… 5 033 984 4,80 M atipdlxx.dll Wed 2006-05-03 18:45:36 A… 114 688 112,00 K atitvo32.dll Wed 2006-05-03 18:15:10 A… 17 408 17,00 K ativvaxx.dll Wed 2006-05-03 18:29:14 A… 1 408 000 1,34 M ff_vfw.dll Mon 2006-05-22 13:47:24 A… 8 704 8,50 K m8640i~1.dll Mon 2006-07-10 15:26:08 …S.R 234 740 229,24 K msvbvm60.dll Mon 2006-06-26 16:37:24 A… 1 385 744 1,32 M oemdspif.dll Wed 2006-05-03 18:45:22 A… 77 824 76,00 K s088la~1.dll Mon 2006-07-10 14:11:14 …S.R 234 272 228,78 K snlwapi.dll Mon 2006-07-10 15:26:08 … 234 272 228,78 K 20 items found: 20 files (2 H/S), 0 directories. Total of file sizes: 19 570 404 bytes 18,66 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 2006-07-10 15:28:08 …S.R 234 272 228,78 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 234 272 bytes 228,78 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 984F-B107 Katalog: C:\WINDOWS\System32 2006-07-10 15:28 234˙272 guard.tmp 2006-07-10 15:26 234˙740 m8640ijqe8oe0.dll 2006-07-10 14:11 234˙272 s088lalu1dq8.dll 2006-06-26 16:40 2006-06-18 01:26 2˙048 helperll2.exe 2006-06-18 01:26 75˙332 ll2.exe 5 plik(˘w) 780˙664 bajt˘w 1 katalog(˘w) 1˙863˙221˙248 bajt˘w wolnych

Gutek · 10 Lipiec 2006 13:41

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{D78ED26F-EE3C-5EF4-17DC-14B93957A0DF}”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{9168446F-099C-4C49-9931-20BDB0512B5E}”=- “{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}”=- “{C897B251-E983-41EC-B081-47E7BF28F84E}”=- “{B0152EF6-E552-4E05-9D75-4AD7804D186F}”=- “{C16AD251-9852-4A54-A649-72838E607273}”=- “{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}”=- “{21219286-6E0B-401C-BADE-1FFC37FBF6E7}”=- “{17689B60-68EE-42A6-8E10-1D3156B0C1BC}”=- “{C29C860C-CAED-4B35-AFFE-A34C9F589E13}”=- “{81A28B16-8A66-4F04-959F-3D89D464F56A}”=- “{07F932A3-7BF8-44F8-91F9-473C07CCA047}”=- “{AE084750-74F5-4D57-8153-96156C0C3587}”=- [-HKEY_CLASSES_ROOT\CLSID{9168446F-099C-4C49-9931-20BDB0512B5E}] [-HKEY_CLASSES_ROOT\CLSID{930762D2-EC3F-4B6F-BF9D-2CC8A32DBA9A}] [-HKEY_CLASSES_ROOT\CLSID{C897B251-E983-41EC-B081-47E7BF28F84E}] [-HKEY_CLASSES_ROOT\CLSID{7F0C40D0-86EE-4DAA-8A66-EB2817F96979}] [-HKEY_CLASSES_ROOT\CLSID{21219286-6E0B-401C-BADE-1FFC37FBF6E7}] [-HKEY_CLASSES_ROOT\CLSID{17689B60-68EE-42A6-8E10-1D3156B0C1BC}] [-HKEY_CLASSES_ROOT\CLSID{C29C860C-CAED-4B35-AFFE-A34C9F589E13}] [-HKEY_CLASSES_ROOT\CLSID{81A28B16-8A66-4F04-959F-3D89D464F56A}] [-HKEY_CLASSES_ROOT\CLSID{07F932A3-7BF8-44F8-91F9-473C07CCA047}] [-HKEY_CLASSES_ROOT\CLSID{AE084750-74F5-4D57-8153-96156C0C3587}]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H m8640ijqe8oe0.dll

ATTRIB -R-S-H helperll2.exe

ATTRIB -R-S-H ll2.exe

ATTRIB -R-S-H kvdcz.dll

ATTRIB -R-S-H rdm.dll

ATTRIB -R-S-H awippaxx.dll

ATTRIB -R-S-H afphelp.dll

ATTRIB -R-S-H kjdcz.dll

ATTRIB -R-S-H josh400.dll

ATTRIB -R-S-H kadlv1.dll

ATTRIB -R-S-H kadlv.dl

ATTRIB -R-S-H snlwapi.dll

ATTRIB -R-S-H cIbinet.dll

ATTRIB -R-S-H ciusapi.dll

ATTRIB -R-S-H WihRm.dll

ATTRIB -R-S-H guard.tmp

DEL m8640ijqe8oe0.dll

DEL s088lalu1dq8.dll

DEL helperll2.exe

DEL ll2.exe

DEL kvdcz.dll

DEL guard.tmp

DEL rdm.dll

DEL awippaxx.dll

DEL afphelp.dll

DEL kjdcz.dll

DEL josh400.dll

DEL kadlv1.dll

DEL kadlv.dl

DEL snlwapi.dll

DEL cIbinet.dll

DEL ciusapi.dll

DEL WihRm.dll

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz mi nowego loga L2MFix robionego z opcji 1.

Holy_Sinner · 10 Lipiec 2006 18:22

W konsoli nie odnalazl nastepujacych plikow:

m8640ijqe8oe0.dll

kvdcz.dll

rdm.dll

awippaxx.dll

afphelp.dll

kjdcz.dll

josh400.dll

kadlv1.dll

kadlv.dl

cIbinet.dll

ciusapi.dll

WihRm.dll

Reg poszedl w trybie awaryjnym, wyskakujacy komunikat po zalogowaniu dalej jest, popupy dalej mecza.

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage] “Asynchronous”=dword:00000000 “DllName”=“C:\WINDOWS\system32\i4nm0e51eh.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{D78ED26F-EE3C-5EF4-17DC-14B93957A0DF}”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”=“Shell Extension for Malware scanning” “{B327765E-D724-4347-8B16-78AE18552FC3}”=“NeroDigitalIconHandler” “{7F1CF152-04F8-453A-B34C-E609530A9DC8}”=“NeroDigitalPropSheetHandler” “{B0152EF6-E552-4E05-9D75-4AD7804D186F}”="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{B0152EF6-E552-4E05-9D75-4AD7804D186F}\InprocServer32] @=“C:\WINDOWS\system32\iDssam.dll” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ ati2cqag.dll Wed 2006-05-03 18:09:20 A… 282 624 276,00 K ati2dvag.dll Wed 2006-05-03 18:51:00 A… 258 048 252,00 K ati2edxx.dll Wed 2006-05-03 18:45:08 A… 41 984 41,00 K ati2evxx.dll Wed 2006-05-03 18:44:56 A… 61 440 60,00 K ati3duag.dll Wed 2006-05-03 18:35:26 A… 2 693 280 2,57 M atiddc.dll Wed 2006-05-03 18:43:14 A… 53 248 52,00 K atidemgr.dll Wed 2006-05-03 18:12:26 A… 286 720 280,00 K atiiiexx.dll Wed 2006-05-03 18:54:10 A… 307 200 300,00 K atikvmag.dll Wed 2006-05-03 18:15:58 A… 151 552 148,00 K atioglx1.dll Wed 2006-05-03 18:21:20 A… 6 684 672 6,38 M atioglxx.dll Wed 2006-05-03 18:18:04 A… 5 033 984 4,80 M atipdlxx.dll Wed 2006-05-03 18:45:36 A… 114 688 112,00 K atitvo32.dll Wed 2006-05-03 18:15:10 A… 17 408 17,00 K ativvaxx.dll Wed 2006-05-03 18:29:14 A… 1 408 000 1,34 M ff_vfw.dll Mon 2006-05-22 13:47:24 A… 8 704 8,50 K gp4ol3~1.dll Mon 2006-07-10 20:17:28 …S.R 234 740 229,24 K i4nm0e~1.dll Mon 2006-07-10 20:16:54 …S.R 234 894 229,39 K idssam.dll Mon 2006-07-10 20:18:46 … 234 894 229,39 K msvbvm60.dll Mon 2006-06-26 16:37:24 A… 1 385 744 1,32 M oemdspif.dll Wed 2006-05-03 18:45:22 A… 77 824 76,00 K wrw32.dll Mon 2006-07-10 20:16:54 …S.R 234 740 229,24 K 21 items found: 21 files (3 H/S), 0 directories. Total of file sizes: 19 806 388 bytes 18,89 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 2006-07-10 20:20:46 …S.R 234 894 229,39 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 234 894 bytes 229,39 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 984F-B107 Katalog: C:\WINDOWS\System32 2006-07-10 20:20 234˙894 guard.tmp 2006-07-10 20:17 234˙740 gp4ol3h31.dll 2006-07-10 20:16 234˙740 wrw32.dll 2006-07-10 20:16 234˙894 i4nm0e51eh.dll 2006-06-26 16:40 4 plik(˘w) 939˙268 bajt˘w 1 katalog(˘w) 1˙860˙132˙864 bajt˘w wolnych

kuz5 · 10 Lipiec 2006 18:43

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG

Start do z Konsoli Odzyskiwania CD XP i komendy:

CD C:\WINDOWS\system32

ATTRIB -R-S-H gp4ol3h31.dll

ATTRIB -R-S-H wrw32.dll

ATTRIB -R-S-H i4nm0e51eh.dll

DEL gp4ol3h31.dll

DEL wrw32.dll

DEL i4nm0e51eh.dll

DEL guard.tmp

EXIT

Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG. Dajesz nowego loga L2MFix robionego z opcji 1.

Próbuj go odpalić, pozamykaj wszystkie aktywne okna i odpal go w trybie awaryjnym

Holy_Sinner · 10 Lipiec 2006 19:06

Wszystkie pliki poszly bez problemu [jedynie do guard.tmp musialem najpierw wklepac attrib…], poki co komunikat z dll`em nie wyskoczyl, nie pojawiy sie takze popupy

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability] “Asynchronous”=dword:00000000 “DllName”=“C:\WINDOWS\system32\gp4ol3h31.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”=“Shell Extension for Malware scanning” “{B327765E-D724-4347-8B16-78AE18552FC3}”=“NeroDigitalIconHandler” “{7F1CF152-04F8-453A-B34C-E609530A9DC8}”=“NeroDigitalPropSheetHandler” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ ati2cqag.dll Wed 2006-05-03 18:09:20 A… 282 624 276,00 K ati2dvag.dll Wed 2006-05-03 18:51:00 A… 258 048 252,00 K ati2edxx.dll Wed 2006-05-03 18:45:08 A… 41 984 41,00 K ati2evxx.dll Wed 2006-05-03 18:44:56 A… 61 440 60,00 K ati3duag.dll Wed 2006-05-03 18:35:26 A… 2 693 280 2,57 M atiddc.dll Wed 2006-05-03 18:43:14 A… 53 248 52,00 K atidemgr.dll Wed 2006-05-03 18:12:26 A… 286 720 280,00 K atiiiexx.dll Wed 2006-05-03 18:54:10 A… 307 200 300,00 K atikvmag.dll Wed 2006-05-03 18:15:58 A… 151 552 148,00 K atioglx1.dll Wed 2006-05-03 18:21:20 A… 6 684 672 6,38 M atioglxx.dll Wed 2006-05-03 18:18:04 A… 5 033 984 4,80 M atipdlxx.dll Wed 2006-05-03 18:45:36 A… 114 688 112,00 K atitvo32.dll Wed 2006-05-03 18:15:10 A… 17 408 17,00 K ativvaxx.dll Wed 2006-05-03 18:29:14 A… 1 408 000 1,34 M ff_vfw.dll Mon 2006-05-22 13:47:24 A… 8 704 8,50 K msvbvm60.dll Mon 2006-06-26 16:37:24 A… 1 385 744 1,32 M oemdspif.dll Wed 2006-05-03 18:45:22 A… 77 824 76,00 K 17 items found: 17 files, 0 directories. Total of file sizes: 18 867 120 bytes 17,99 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 984F-B107 Katalog: C:\WINDOWS\System32 2006-06-26 16:40 0 plik(˘w) 0 bajt˘w 1 katalog(˘w) 1˙859˙268˙608 bajt˘w wolnych

Zaraz wezme sei za Look2me-Destroyer; musiales to dodac do postu, albo ja przeoczylem.

kuz5 · 10 Lipiec 2006 19:31

Bo ubiłes juz dziada vx2

Juz jest wszystko ok

InfinityToJa · 10 Lipiec 2006 20:44

jeszcze został wpis:

Otwórz notatnik i wklej:

Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom

kuz5 · 11 Lipiec 2006 05:29

Dokładnie

Nie zauważyłem go

Plik jak będzie usuń już KillBoxem

Holy_Sinner · 11 Lipiec 2006 10:07

Nie bylo.

Ok, wszysto cacy jesli chodzi o popupy, thx za pomoc :piwo: ale rzy okazji wyszlo jeszcze kilka rzeczy na wierzch, porusze w tym temacie zeby forum nie zasmiecac; mianowicie

W uslugach, chcialem odpalic Harmonogram zeby uruchomic Look2Me-Destroyer; dalej nie moge uruchomic tej uslugi - ten blad mi wyskakuje

A to przy probie uruchomienia Buforu Wydruku - nie moge drukary zainstalowac; z ta akurat problem sie powtarza, jest to Lexmark X2250; po zainstalowaniu sterow [zaraz po instalacji windy wszystko poszlo cacy] bylo wszystko ok, potem wywalilem z autostartu wszystko zwiazane z ta drukarka [m.in. ikonka w systrayu - nie lubie jak cos mi tam zalega; po jakims czasie zauwazylem ze bufor mam wylaczony bez mozliwosci wlaczenia oraz system twierdzi ze drukary nei instalowalem] nie wiem czy ma to jakis zwiazek, ale pisze tak na wszelki wypadek.

Gutek · 11 Lipiec 2006 11:23

Zainstaluj SP1 albo SP2

Holy_Sinner · 11 Lipiec 2006 20:19

I tutaj jest najsmieszniejsza rzecz z ta windoza - nigdy nie moglem na nim zadnego sp zainstalowac, pomimo iz to oryginal przy instalacji pojawia sie takie cos

adam9870 · 11 Lipiec 2006 20:23

Po komunikacie tak bym nie sądził

Jeżeli jednak masz orginała i taki komunikat masz to skontaktuj się z MS. Tam Ci poradzą odpowiednio