Please check my log


(Grze Cho) #1

My wallpaper changed, windows that shouldn't appear keep opening, and a message pops up: your computer is infected. Here is my logfile:

Logfile of HijackThis v1.99.1

Scan saved at 23:48:24, on 2005-12-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

E:\WINDOWS\system32\rundll32.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

E:\Program Files\Common Files\Symantec Shared\ccApp.exe

E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

D:\Gadu-Gadu\Gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Skype\Phone\Skype.exe

E:\WINDOWS\system32\LSASS.EXE

C:\winstall.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\system32\sywsvcs.exe

E:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

E:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\WinRAR\WinRAR.exe

E:\DOCUME~1\gosia\USTAWI~1\Temp\Rar$EX00.625\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bizonio.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [service] E:\WINDOWS\system32\services.exe -serv

O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [Checkdisk] E:\WINDOWS\system32\mscas.exe

O4 - HKLM\..\Run: [PayTime] E:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [winsync] E:\WINDOWS\system32\kqkkao.exe reg_run

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\Gg.exe" /tray

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [kmof] C:\stub_113_4_0_4_0.exe

O4 - HKCU\..\Run: [PayTime] E:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [aupd] E:\WINDOWS\system32\sywsvcs.exe

O4 - HKCU\..\Run: [CU1] E:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] E:\Program Files\Common Files\VCClient\VCMain.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://E:\WINDOWS\SexDownloader.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - http://66.98.132.156/g_bin_eng/billard8_2_0_0_12.cab

O20 - Winlogon Notify: ShellCompatibility - E:\WINDOWS\system32\mtnetobj.dll

O20 - Winlogon Notify: Syncmgr - E:\WINDOWS\system32\mv2ol9f31.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: GhostStartService - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

A red circle next to the clock :). Is that better now?


(Asterisk) #2

Please change the title and explain a bit more - otherwise it will be deleted :mrgreen:


(Kuz5) #3

Remove: (of course you do all of this in Safe Mode with System Restore turned off)

Delete the files marked in red manually from the disk

Read up on Removing VX2.BetterInternet and post log no. 1 from the L2Mfix tool

Additionally, READ about removing the fake wallpaper


(Grze Cho) #4

I did as you said, but now XP won't start

Post merged: 12.12.2005 (Mon) 14:34

I restored them and it works. The log looks like this:

Logfile of HijackThis v1.99.1

Scan saved at 14:35:45, on 2005-12-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\system32\rundll32.exe

E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

E:\Program Files\Common Files\Symantec Shared\ccApp.exe

E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\WinRAR\WinRAR.exe

E:\DOCUME~1\gosia\USTAWI~1\Temp\Rar$EX00.609\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\Gg.exe" /tray

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - http://66.98.132.156/g_bin_eng/billard8_2_0_0_12.cab

O20 - Winlogon Notify: WebCheck - E:\WINDOWS\system32\n42ulef91h2.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: GhostStartService - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

(Gutek) #5

Read Removing VX2.BetterInternet and post log no. 1 from the L2Mfix tool


(Grze Cho) #6

Log 1 from L2Mfix

L2MFIX find log 120905

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

“Logoff”=“ChainWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Logoff”=“CryptnetWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

“DLLName”=“cscdll.dll”

“Logon”=“WinlogonLogonEvent”

“Logoff”=“WinlogonLogoffEvent”

“ScreenSaver”=“WinlogonScreenSaverEvent”

“Startup”=“WinlogonStartupEvent”

“Shutdown”=“WinlogonShutdownEvent”

“StartShell”=“WinlogonStartShellEvent”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]

“Asynchronous”=dword:00000000

“DllName”=“E:\WINDOWS\system32\ktlsl7371.dll”

“Impersonate”=dword:00000000

“Logon”=“WinLogon”

“Logoff”=“WinLogoff”

“Shutdown”=“WinShutdown”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

“DLLName”=“wlnotify.dll”

“Logon”=“SCardStartCertProp”

“Logoff”=“SCardStopCertProp”

“Lock”=“SCardSuspendCertProp”

“Unlock”=“SCardResumeCertProp”

“Enabled”=dword:00000001

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“StartShell”=“SchedStartShell”

“Logoff”=“SchedEventLogOff”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

“Logoff”=“WLEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

“DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

“DLLName”=“WlNotify.dll”

“Lock”=“SensLockEvent”

“Logon”=“SensLogonEvent”

“Logoff”=“SensLogoffEvent”

“Safe”=dword:00000001

“MaxWait”=dword:00000258

“StartScreenSaver”=“SensStartScreenSaverEvent”

“StopScreenSaver”=“SensStopScreenSaverEvent”

“Startup”=“SensStartupEvent”

“Shutdown”=“SensShutdownEvent”

“StartShell”=“SensStartShellEvent”

“PostShell”=“SensPostShellEvent”

“Disconnect”=“SensDisconnectEvent”

“Reconnect”=“SensReconnectEvent”

“Unlock”=“SensUnlockEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“Logoff”=“TSEventLogoff”

“Logon”=“TSEventLogon”

“PostShell”=“TSEventPostShell”

“Shutdown”=“TSEventShutdown”

“StartShell”=“TSEventStartShell”

“Startup”=“TSEventStartup”

“MaxWait”=dword:00000258

“Reconnect”=“TSEventReconnect”

“Disconnect”=“TSEventDisconnect”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

“DLLName”=“wlnotify.dll”

“Logon”=“RegisterTicketExpiredNotificationEvent”

“Logoff”=“UnregisterTicketExpiredNotificationEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

“DLLName”=“wzcdlg.dll”

“Logon”=“WZCEventLogon”

“Logoff”=“WZCEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000000

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

“{D5DD4D87-4424-A870-7255-EAD04C40204D}”=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

“{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego”

“{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM”

“{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS”

“{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile”

“{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”

“{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension”

“{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej”

“{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania”

“{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania”

“{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS”

“{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci”

“{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki”

“{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy”

“{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network”

“{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM”

“{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM”

“{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w”

“{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web”

“{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI”

“{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania”

“{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka”

“{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu”

“{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts”

“{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC”

“{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek”

“{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”

“{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension”

“{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO”

“{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign”

“{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe”

“{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe”

“{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne"

“{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne"

“{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne"

“{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension”

“{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows”

“{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link”

“{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler”

“{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension”

“{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania”

“{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start”

“{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj”

“{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”

“{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”

“{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…”

“{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet”

“{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail”

“{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki”

“{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne”

“{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler”

“{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler”

“{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler”

“{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler”

“{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler”

“{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor”

“{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet”

“{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania”

“{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej”

“{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2”

“{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy”

“{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft”

“{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania”

“{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w”

“{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku”

“{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web”

“{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru”

“{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres"

“{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu”

“{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft”

“{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident”

“{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU”

“{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU”

“{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny”

“{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia”

“{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu”

“{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft”

“{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft”

“{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft”

“{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki”

“{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp”

“{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki”

“{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite”

“{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika”

“{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w”

“{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band”

“{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service”

“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer”

“{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture”

“{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut”

“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service”

“{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia”

“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook”

“{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4”

“{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook”

“{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC”

“{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC”

“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet”

“{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space”

“{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora”

“{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX”

“{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck”

“{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr”

“{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji”

“{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler”

“{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent”

“{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent”

“{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent”

“{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent”

“{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent”

“{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler”

“{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki”

“{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji”

“{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin”

“{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs”

“{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory”

“{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w”

“{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)”

“{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML”

“{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler”

“{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web”

“{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web”

“{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji”

“{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport”

“{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w”

“{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler”

“{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target”

“{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau”

“{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau”

“{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau”

“{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu”

“{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties”

“{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview”

“{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext”

“{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control”

“{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control”

“{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control”

“{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control”

“{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control”

“{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI”

“{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object”

“{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find”

“{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find”

“{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI”

“{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs”

“{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook”

“{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target”

“{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties”

“{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu”

“{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options”

“{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline”

“{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler”

“{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell”

“{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%"

“{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler”

“{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer"

“{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…"

“{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler”

“{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler”

“{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler”

“{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler”

“{57C51AF9-DEF7-11D3-A801-00C04F163490}”=“Ghost Shell Extension”

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension”

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}”=“Play on my TV helper”

“{A70C977A-BF00-412C-90B7-034C51DA2439}”=“NvCpl DesktopContext Class”

“{1CDB2949-8F65-4355-8456-263E7C208A5D}”=“Desktop Explorer”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}”=“Desktop Explorer Menu”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}”=“nView Desktop Context Menu”

“{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension”

“{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults”

“{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page”

“{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions”

“{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder”

“{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices”

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu”

“{BE9A7994-B602-41CB-8A32-55D93F4584AC}”=""

“{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}”=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]

@=“E:\WINDOWS\system32\ucrvpa.dll”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]

@=“E:\WINDOWS\system32\guard.tmp”

“ThreadingModel”=“Apartment”

**********************************************************************************

Files Found are not all bad files:

E:\WINDOWS\SYSTEM32\

zlbw.dll Sun 2005-12-11 18:01:50 A… 46 592 45,50 K

dsnwsock.dll Sun 2005-12-11 21:36:12 …S.R 235 288 229,77 K

gpdef.dll Mon 2005-12-12 12:37:42 …S.R 234 170 228,68 K

jpcript.dll Mon 2005-12-12 13:53:48 …S.R 236 520 230,98 K

mdc42plk.dll Mon 2005-12-12 14:53:32 …S.R 237 167 231,61 K

iqagx5.dll Mon 2005-12-12 15:00:48 …S.R 237 167 231,61 K

kt84l7~1.dll Mon 2005-12-12 12:08:42 …S.R 236 835 231,28 K

kt08l7~1.dll Mon 2005-12-12 13:38:22 …S.R 235 063 229,55 K

ucrvpa.dll Mon 2005-12-12 15:14:16 …S.R 234 116 228,63 K

l88m0i~1.dll Sun 2005-12-11 19:19:28 …S.R 234 679 229,18 K

arcaon~1.dll Fri 2005-12-02 9:56:24 A… 561 152 548,00 K

lvj209~1.dll Sun 2005-12-11 18:22:58 …S.R 234 491 228,99 K

mvjsl9~1.dll Sun 2005-12-11 21:04:54 …S.R 237 007 231,45 K

k4nole~1.dll Sun 2005-12-11 22:30:38 …S.R 235 667 230,14 K

o484le~1.dll Sun 2005-12-11 21:36:12 …S.R 236 772 231,22 K

bstmeter.dll Mon 2005-12-12 13:32:22 …S.R 235 063 229,55 K

cfbview.dll Mon 2005-12-12 13:45:32 …S.R 235 182 229,67 K

h0n00a~1.dll Mon 2005-12-12 12:16:00 …S.R 235 398 229,88 K

n48ole~1.dll Mon 2005-12-12 14:26:30 …S.R 236 566 231,02 K

i2420c~1.dll Mon 2005-12-12 15:09:40 …S.R 234 358 228,86 K

lv4q09~1.dll Mon 2005-12-12 14:29:56 …S.R 235 731 230,20 K

mv0ql9~1.dll Mon 2005-12-12 14:53:30 …S.R 234 002 228,52 K

mgg_hook.dll Mon 2005-12-12 14:51:24 …S.R 236 945 231,39 K

i8loli~1.dll Mon 2005-12-12 14:57:18 …S.R 233 917 228,43 K

ktlsl7~1.dll Mon 2005-12-12 15:00:48 …S.R 234 116 228,63 K

n8n6li~1.dll Mon 2005-12-12 15:14:14 …S.R 235 774 230,25 K

26 items found: 26 files (24 H/S), 0 directories.

Total of file sizes: 6 259 738 bytes 5,97 M

Locate .tmp files:

No matches found.

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji E nie ma etykiety.

Numer seryjny woluminu: 1DFB-2D37

Katalog: E:\WINDOWS\System32

2005-12-12 15:14 234 116 ucrvpa.dll

2005-12-12 15:14 235 774 n8n6li5s18.dll

2005-12-12 15:09 234 358 i2420choef4c0.dll

2005-12-12 15:00 234 116 ktlsl7371.dll

2005-12-12 15:00 237 167 iqagx5.dll

2005-12-12 14:57 233 917 i8loli3318.dll

2005-12-12 14:53 237 167 MDC42PLK.DLL

2005-12-12 14:53 234 002 mv0ql9d51.dll

2005-12-12 14:51 236 945 mGg_hook.dll

2005-12-12 14:29 235 731 lv4q09h5e.dll

2005-12-12 14:26 236 566 n48olel31hq.dll

2005-12-12 13:53 236 520 jpcript.dll

2005-12-12 13:45 235 182 cFbview.dll

2005-12-12 13:38 235 063 kt08l7du1.dll

2005-12-12 13:32 235 063 bStmeter.dll

2005-12-12 12:37 234 170 gpdef.dll

2005-12-12 12:16 235 398 h0n00a5med.dll

2005-12-12 12:08 236 835 kt84l7lq1.dll

2005-12-11 22:30 235 667 k4nole531h.dll

2005-12-11 21:36 235 288 dsnwsock.dll

2005-12-11 21:36 236 772 o484lelq1hqe.dll

2005-12-11 21:04 237 007 mvjsl9171.dll

2005-12-11 19:19 234 679 l88m0il1e8q.dll

2005-12-11 18:22 234 491 lvj2091oe.dll

2004-12-12 12:24 10 752 javamsd.dll

2004-03-06 15:01

2004-03-06 14:59 32 {5ECC0103-1D7D-48EE-A88C-EA2E3B62AB04}.dat

2004-03-06 14:58 32 {19BF4273-44AA-4525-A220-5AA99A8342AA}.dat

2004-03-06 14:57 32 {6A6FD211-E6DC-4635-8665-EEC68492D425}.dat

2004-03-06 14:55 32 {B9BFD46C-59F3-480C-8B14-8833935748FC}.dat

2004-03-06 14:55 32 {61A68C0B-C329-4306-AA9D-3DA3FBE0BFB8}.dat

2004-03-06 14:55 32 {600E3554-7296-4B90-B781-CBBD37E2F343}.dat

2004-03-06 14:53 32 {2340DCCD-0939-4155-901A-A961698FE7E0}.dat

2004-01-30 14:09

32 plik(ów) 5 662 970 bajtów

2 katalog(ów) 26 552 958 976 bajtów wolnych


(Gutek) #7

Open Notepad and paste this into it:

File >>> Save As >>> Change the extension from TXT to All Files >>> Save under the name FIX.REG

FIX.REG = Leave the file on the Desktop

>>>>> Open Notepad and paste into it:

From the Notepad menu >>> File >>> Save As >>> Set the extension to All Files >>> Save as FIX.BAT

FIX.BAT = Put the file in the path C:\WINDOWS

Start the Recovery Console and run the command:

BATCH FIX.BAT


(Grze Cho) #8

Before you wrote, I ran L2mfix; log 2:

L2mfix Beta 120905

Creating Account.

Polecenie zostało wykonane pomyślnie.

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX … successful

Running From:

E:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 376 ‘smss.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 624 ‘winlogon.exe’

Killing PID 624 ‘winlogon.exe’

Killing PID 624 ‘winlogon.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1024 ‘explorer.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1484 ‘rundll32.exe’

Granting SeDebugPrivilege to Administrators OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administrateurs OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administrat÷rer OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administradores OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Amministratore OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administratoren OpenPolicy:

***Error*** OpenPolicy -1073741790

Scanning First Pass. Please Wait!

Running From:

E:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 376 ‘smss.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 616 ‘winlogon.exe’

Killing PID 616 ‘winlogon.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1276 ‘explorer.exe’

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1368 ‘rundll32.exe’

Granting SeDebugPrivilege to Administrators OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administrateurs OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administrat÷rer OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administradores OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Amministratore OpenPolicy:

***Error*** OpenPolicy -1073741790

Granting SeDebugPrivilege to Administratoren OpenPolicy:

***Error*** OpenPolicy -1073741790

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Backing Up: E:\WINDOWS\system32\bStmeter.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\cFbview.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\dsnwsock.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\gpdef.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\gpj0l31m1.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\h0n00a5med.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\hr4o05h3e.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\i2420choef4c0.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\i8loli3318.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\iqagx5.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\JJAR500.DLL

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\jpcript.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\k4nole531h.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\kt08l7du1.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\kt84l7lq1.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\l88m0il1e8q.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\lv4q09h5e.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\lvj2091oe.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\MDC42PLK.DLL

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\mGg_hook.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\mv0ql9d51.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\mvjsl9171.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\n48olel31hq.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\o484lelq1hqe.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\p88qlil518q.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\uceg.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\ucrvpa.dll

Liczba skopiowanych plików: 1.

Backing Up: E:\WINDOWS\system32\vhrsion.dll

Liczba skopiowanych plików: 1.

deleting: E:\WINDOWS\system32\bStmeter.dll

Successfully Deleted: E:\WINDOWS\system32\bStmeter.dll

deleting: E:\WINDOWS\system32\cFbview.dll

Successfully Deleted: E:\WINDOWS\system32\cFbview.dll

deleting: E:\WINDOWS\system32\dsnwsock.dll

Successfully Deleted: E:\WINDOWS\system32\dsnwsock.dll

deleting: E:\WINDOWS\system32\gpdef.dll

Successfully Deleted: E:\WINDOWS\system32\gpdef.dll

deleting: E:\WINDOWS\system32\gpj0l31m1.dll

Successfully Deleted: E:\WINDOWS\system32\gpj0l31m1.dll

deleting: E:\WINDOWS\system32\h0n00a5med.dll

Successfully Deleted: E:\WINDOWS\system32\h0n00a5med.dll

deleting: E:\WINDOWS\system32\hr4o05h3e.dll

Successfully Deleted: E:\WINDOWS\system32\hr4o05h3e.dll

deleting: E:\WINDOWS\system32\i2420choef4c0.dll

Successfully Deleted: E:\WINDOWS\system32\i2420choef4c0.dll

deleting: E:\WINDOWS\system32\i8loli3318.dll

Successfully Deleted: E:\WINDOWS\system32\i8loli3318.dll

deleting: E:\WINDOWS\system32\iqagx5.dll

Successfully Deleted: E:\WINDOWS\system32\iqagx5.dll

deleting: E:\WINDOWS\system32\JJAR500.DLL

Successfully Deleted: E:\WINDOWS\system32\JJAR500.DLL

deleting: E:\WINDOWS\system32\jpcript.dll

Successfully Deleted: E:\WINDOWS\system32\jpcript.dll

deleting: E:\WINDOWS\system32\k4nole531h.dll

Successfully Deleted: E:\WINDOWS\system32\k4nole531h.dll

deleting: E:\WINDOWS\system32\kt08l7du1.dll

Successfully Deleted: E:\WINDOWS\system32\kt08l7du1.dll

deleting: E:\WINDOWS\system32\kt84l7lq1.dll

Successfully Deleted: E:\WINDOWS\system32\kt84l7lq1.dll

deleting: E:\WINDOWS\system32\l88m0il1e8q.dll

Successfully Deleted: E:\WINDOWS\system32\l88m0il1e8q.dll

deleting: E:\WINDOWS\system32\lv4q09h5e.dll

Successfully Deleted: E:\WINDOWS\system32\lv4q09h5e.dll

deleting: E:\WINDOWS\system32\lvj2091oe.dll

Successfully Deleted: E:\WINDOWS\system32\lvj2091oe.dll

deleting: E:\WINDOWS\system32\MDC42PLK.DLL

Successfully Deleted: E:\WINDOWS\system32\MDC42PLK.DLL

deleting: E:\WINDOWS\system32\mGg_hook.dll

Successfully Deleted: E:\WINDOWS\system32\mGg_hook.dll

deleting: E:\WINDOWS\system32\mv0ql9d51.dll

Successfully Deleted: E:\WINDOWS\system32\mv0ql9d51.dll

deleting: E:\WINDOWS\system32\mvjsl9171.dll

Successfully Deleted: E:\WINDOWS\system32\mvjsl9171.dll

deleting: E:\WINDOWS\system32\n48olel31hq.dll

Successfully Deleted: E:\WINDOWS\system32\n48olel31hq.dll

deleting: E:\WINDOWS\system32\o484lelq1hqe.dll

Successfully Deleted: E:\WINDOWS\system32\o484lelq1hqe.dll

deleting: E:\WINDOWS\system32\p88qlil518q.dll

Successfully Deleted: E:\WINDOWS\system32\p88qlil518q.dll

deleting: E:\WINDOWS\system32\uceg.dll

Successfully Deleted: E:\WINDOWS\system32\uceg.dll

deleting: E:\WINDOWS\system32\ucrvpa.dll

Successfully Deleted: E:\WINDOWS\system32\ucrvpa.dll

deleting: E:\WINDOWS\system32\vhrsion.dll

Successfully Deleted: E:\WINDOWS\system32\vhrsion.dll

Desktop.ini sucessfully removed

Zipping up files for submission:

zip warning: name not matched: guard.tmp

zip error: Nothing to do! (backup.zip)

adding: l2mfix/backregs/notibac.reg (deflated 87%)

adding: l2mfix/backregs/shell.reg (deflated 73%)

Restoring Sedebugprivilege:

Restoring Windows Update Certificates.:

deleting local copy: bStmeter.dll

deleting local copy: cFbview.dll

deleting local copy: dsnwsock.dll

deleting local copy: gpdef.dll

deleting local copy: gpj0l31m1.dll

deleting local copy: h0n00a5med.dll

deleting local copy: hr4o05h3e.dll

deleting local copy: i2420choef4c0.dll

deleting local copy: i8loli3318.dll

deleting local copy: iqagx5.dll

deleting local copy: JJAR500.DLL

deleting local copy: jpcript.dll

deleting local copy: k4nole531h.dll

deleting local copy: kt08l7du1.dll

deleting local copy: kt84l7lq1.dll

deleting local copy: l88m0il1e8q.dll

deleting local copy: lv4q09h5e.dll

deleting local copy: lvj2091oe.dll

deleting local copy: MDC42PLK.DLL

deleting local copy: mGg_hook.dll

deleting local copy: mv0ql9d51.dll

deleting local copy: mvjsl9171.dll

deleting local copy: n48olel31hq.dll

deleting local copy: o484lelq1hqe.dll

deleting local copy: p88qlil518q.dll

deleting local copy: uceg.dll

deleting local copy: ucrvpa.dll

deleting local copy: vhrsion.dll

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

“Logoff”=“ChainWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Logoff”=“CryptnetWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

“DLLName”=“cscdll.dll”

“Logon”=“WinlogonLogonEvent”

“Logoff”=“WinlogonLogoffEvent”

“ScreenSaver”=“WinlogonScreenSaverEvent”

“Startup”=“WinlogonStartupEvent”

“Shutdown”=“WinlogonShutdownEvent”

“StartShell”=“WinlogonStartShellEvent”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]

“Asynchronous”=dword:00000000

“DllName”=“E:\WINDOWS\system32\gpj0l31m1.dll”

“Impersonate”=dword:00000000

“Logon”=“WinLogon”

“Logoff”=“WinLogoff”

“Shutdown”=“WinShutdown”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

“DLLName”=“wlnotify.dll”

“Logon”=“SCardStartCertProp”

“Logoff”=“SCardStopCertProp”

“Lock”=“SCardSuspendCertProp”

“Unlock”=“SCardResumeCertProp”

“Enabled”=dword:00000001

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“StartShell”=“SchedStartShell”

“Logoff”=“SchedEventLogOff”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

“Logoff”=“WLEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

“DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

“DLLName”=“WlNotify.dll”

“Lock”=“SensLockEvent”

“Logon”=“SensLogonEvent”

“Logoff”=“SensLogoffEvent”

“Safe”=dword:00000001

“MaxWait”=dword:00000258

“StartScreenSaver”=“SensStartScreenSaverEvent”

“StopScreenSaver”=“SensStopScreenSaverEvent”

“Startup”=“SensStartupEvent”

“Shutdown”=“SensShutdownEvent”

“StartShell”=“SensStartShellEvent”

“PostShell”=“SensPostShellEvent”

“Disconnect”=“SensDisconnectEvent”

“Reconnect”=“SensReconnectEvent”

“Unlock”=“SensUnlockEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“Logoff”=“TSEventLogoff”

“Logon”=“TSEventLogon”

“PostShell”=“TSEventPostShell”

“Shutdown”=“TSEventShutdown”

“StartShell”=“TSEventStartShell”

“Startup”=“TSEventStartup”

“MaxWait”=dword:00000258

“Reconnect”=“TSEventReconnect”

“Disconnect”=“TSEventDisconnect”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

“DLLName”=“wlnotify.dll”

“Logon”=“RegisterTicketExpiredNotificationEvent”

“Logoff”=“UnregisterTicketExpiredNotificationEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

“DLLName”=“wzcdlg.dll”

“Logon”=“WZCEventLogon”

“Logoff”=“WZCEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000000

The following are the files found:

****************************************************************************

E:\WINDOWS\system32\bStmeter.dll

E:\WINDOWS\system32\cFbview.dll

E:\WINDOWS\system32\dsnwsock.dll

E:\WINDOWS\system32\gpdef.dll

E:\WINDOWS\system32\gpj0l31m1.dll

E:\WINDOWS\system32\h0n00a5med.dll

E:\WINDOWS\system32\hr4o05h3e.dll

E:\WINDOWS\system32\i2420choef4c0.dll

E:\WINDOWS\system32\i8loli3318.dll

E:\WINDOWS\system32\iqagx5.dll

E:\WINDOWS\system32\JJAR500.DLL

E:\WINDOWS\system32\jpcript.dll

E:\WINDOWS\system32\k4nole531h.dll

E:\WINDOWS\system32\kt08l7du1.dll

E:\WINDOWS\system32\kt84l7lq1.dll

E:\WINDOWS\system32\l88m0il1e8q.dll

E:\WINDOWS\system32\lv4q09h5e.dll

E:\WINDOWS\system32\lvj2091oe.dll

E:\WINDOWS\system32\MDC42PLK.DLL

E:\WINDOWS\system32\mGg_hook.dll

E:\WINDOWS\system32\mv0ql9d51.dll

E:\WINDOWS\system32\mvjsl9171.dll

E:\WINDOWS\system32\n48olel31hq.dll

E:\WINDOWS\system32\o484lelq1hqe.dll

E:\WINDOWS\system32\p88qlil518q.dll

E:\WINDOWS\system32\uceg.dll

E:\WINDOWS\system32\ucrvpa.dll

E:\WINDOWS\system32\vhrsion.dll

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]

@=“E:\WINDOWS\system32\smlwoa.dll”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]

@=“E:\WINDOWS\system32\guard.tmp”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]

@=“E:\WINDOWS\system32\uceg.dll”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]

@=“E:\WINDOWS\system32\guard.tmp”

“ThreadingModel”=“Apartment”

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

“{BE9A7994-B602-41CB-8A32-55D93F4584AC}”=

“{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}”=

[-HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

[-HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

“SV1”=""

****************************************************************************

Desktop.ini Contents:

****************************************************************************

127.0.0.1 localhost

Start of entries inserted by Spybot - Sear****************************************************************************

E:\WINDOWS\System32\BE9A7994-B602-41CB-8A32-55D93F4584AC.reg

E:\WINDOWS\System32\0B6D20F7-9A29-4844-9B1C-E1D5BA48720A.reg

Checking for L2MFix account(0=no 1=yes):

0

adding: dlls/lvj2091oe.dll (deflated 4%)

adding: dlls/mGg_hook.dll (deflated 5%)

adding: dlls/mv0ql9d51.dll (deflated 4%)

adding: dlls/mvjsl9171.dll (deflated 5%)

adding: dlls/n48olel31hq.dll (deflated 5%)

adding: dlls/o484lelq1hqe.dll (deflated 5%)

adding: dlls/p88qlil518q.dll (deflated 4%)

adding: dlls/uceg.dll (deflated 5%)

adding: dlls/ucrvpa.dll (deflated 4%)

adding: dlls/vhrsion.dll (deflated 5%)

adding: dlls/bStmeter.dll (deflated 5%)

adding: dlls/cFbview.dll (deflated 5%)

adding: dlls/dsnwsock.dll (deflated 5%)

adding: dlls/gpdef.dll (deflated 4%)

adding: dlls/gpj0l31m1.dll (deflated 5%)

adding: dlls/h0n00a5med.dll (deflated 5%)

adding: dlls/hr4o05h3e.dll (deflated 6%)

adding: dlls/i2420choef4c0.dll (deflated 4%)

adding: dlls/i8loli3318.dll (deflated 4%)

adding: dlls/iqagx5.dll (deflated 6%)

adding: dlls/JJAR500.DLL (deflated 5%)

adding: dlls/jpcript.dll (deflated 5%)

adding: dlls/k4nole531h.dll (deflated 5%)

adding: dlls/kt08l7du1.dll (deflated 5%)

adding: dlls/kt84l7lq1.dll (deflated 5%)

adding: dlls/l88m0il1e8q.dll (deflated 4%)

adding: dlls/lv4q09h5e.dll (deflated 5%)

adding: dlls/MDC42PLK.DLL (deflated 6%)

What should I do now?

The windows no longer open by themselves. I did not delete the files marked in red, because the system would not start; one of them must be needed. I would be grateful if you looked through them once more.


(Gutek) #9

In that case, give me log no. 1 from the L2Mfix tool.


(Grze Cho) #10

Here it is:

L2MFIX find log 120905

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

“Logoff”=“ChainWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Logoff”=“CryptnetWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

“DLLName”=“cscdll.dll”

“Logon”=“WinlogonLogonEvent”

“Logoff”=“WinlogonLogoffEvent”

“ScreenSaver”=“WinlogonScreenSaverEvent”

“Startup”=“WinlogonStartupEvent”

“Shutdown”=“WinlogonShutdownEvent”

“StartShell”=“WinlogonStartShellEvent”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

“DLLName”=“wlnotify.dll”

“Logon”=“SCardStartCertProp”

“Logoff”=“SCardStopCertProp”

“Lock”=“SCardSuspendCertProp”

“Unlock”=“SCardResumeCertProp”

“Enabled”=dword:00000001

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“StartShell”=“SchedStartShell”

“Logoff”=“SchedEventLogOff”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

“Logoff”=“WLEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

“DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

“DLLName”=“WlNotify.dll”

“Lock”=“SensLockEvent”

“Logon”=“SensLogonEvent”

“Logoff”=“SensLogoffEvent”

“Safe”=dword:00000001

“MaxWait”=dword:00000258

“StartScreenSaver”=“SensStartScreenSaverEvent”

“StopScreenSaver”=“SensStopScreenSaverEvent”

“Startup”=“SensStartupEvent”

“Shutdown”=“SensShutdownEvent”

“StartShell”=“SensStartShellEvent”

“PostShell”=“SensPostShellEvent”

“Disconnect”=“SensDisconnectEvent”

“Reconnect”=“SensReconnectEvent”

“Unlock”=“SensUnlockEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“Logoff”=“TSEventLogoff”

“Logon”=“TSEventLogon”

“PostShell”=“TSEventPostShell”

“Shutdown”=“TSEventShutdown”

“StartShell”=“TSEventStartShell”

“Startup”=“TSEventStartup”

“MaxWait”=dword:00000258

“Reconnect”=“TSEventReconnect”

“Disconnect”=“TSEventDisconnect”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

“DLLName”=“wlnotify.dll”

“Logon”=“RegisterTicketExpiredNotificationEvent”

“Logoff”=“UnregisterTicketExpiredNotificationEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

“DLLName”=“wzcdlg.dll”

“Logon”=“WZCEventLogon”

“Logoff”=“WZCEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000000

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

“{D5DD4D87-4424-A870-7255-EAD04C40204D}”=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

“{00022613-0000-0000-C000-000000000046}”=“Karta właściwości pliku multimedialnego”

“{176d6597-26d3-11d1-b350-080036a75b03}”=“Zarządzanie skanerem ICM”

“{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeń NTFS”

“{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona właściwości OLE Docfile”

“{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powłoki dla udostępniania zasobów”

“{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension”

“{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej”

“{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wyświetlania”

“{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wyświetlania”

“{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeń usługi DS”

“{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodności”

“{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsługi danych wycinkowych powłoki”

“{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy”

“{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powłoki dla obiektów Microsoft Windows Network”

“{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“Zarządzanie monitorem ICM”

“{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“Zarządzanie drukarką ICM”

“{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powłoki dla kompresji plików”

“{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powłoki drukarek sieci Web”

“{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI”

“{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania”

“{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Aktówka”

“{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu”

“{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts”

“{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC”

“{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeń drukarek”

“{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powłoki dla udostępniania zasobów”

“{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension”

“{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO”

“{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign”

“{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“Połączenia sieciowe”

“{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“Połączenia sieciowe”

“{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne"

“{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne"

“{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne"

“{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension”

“{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powłoki dla hosta skryptów systemu Windows”

“{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link”

“{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler”

“{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension”

“{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania”

“{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadań i menu Start”

“{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj”

“{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsługa techniczna”

“{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsługa techniczna”

“{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…”

“{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet”

“{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail”

“{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki”

“{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narzędzia administracyjne”

“{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler”

“{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler”

“{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler”

“{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler”

“{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler”

“{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor”

“{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet”

“{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania”

“{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej”

“{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2”

“{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy”

“{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft”

“{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania”

“{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w”

“{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku”

“{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web”

“{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru”

“{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres"

“{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu”

“{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft”

“{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident”

“{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU”

“{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU”

“{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny”

“{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia”

“{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu”

“{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft”

“{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft”

“{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft”

“{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki”

“{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp”

“{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki”

“{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite”

“{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika”

“{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w”

“{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band”

“{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service”

“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer”

“{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture”

“{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut”

“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service”

“{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia”

“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook”

“{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4”

“{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook”

“{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC”

“{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC”

“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet”

“{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space”

“{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora”

“{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX”

“{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck”

“{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr”

“{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji”

“{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler”

“{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent”

“{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent”

“{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent”

“{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent”

“{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent”

“{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler”

“{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki”

“{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji”

“{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin”

“{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs”

“{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory”

“{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w”

“{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)”

“{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML”

“{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler”

“{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web”

“{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web”

“{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji”

“{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport”

“{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w”

“{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler”

“{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target”

“{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau”

“{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau”

“{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau”

“{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu”

“{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties”

“{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview”

“{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext”

“{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control”

“{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control”

“{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control”

“{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control”

“{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control”

“{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI”

“{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object”

“{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find”

“{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find”

“{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI”

“{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs”

“{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook”

“{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target”

“{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties”

“{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu”

“{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options”

“{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline”

“{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler”

“{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell”

“{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%"

“{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler”

“{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer"

“{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…"

“{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler”

“{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler”

“{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler”

“{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler”

“{57C51AF9-DEF7-11D3-A801-00C04F163490}”=“Ghost Shell Extension”

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension”

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}”=“Play on my TV helper”

“{A70C977A-BF00-412C-90B7-034C51DA2439}”=“NvCpl DesktopContext Class”

“{1CDB2949-8F65-4355-8456-263E7C208A5D}”=“Desktop Explorer”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}”=“Desktop Explorer Menu”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}”=“nView Desktop Context Menu”

“{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension”

“{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults”

“{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page”

“{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions”

“{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder”

“{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices”

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu”

“{BE9A7994-B602-41CB-8A32-55D93F4584AC}”=""

“{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}”=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]

@=“E:\WINDOWS\system32\uceg.dll”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]

@=“E:\WINDOWS\system32\guard.tmp”

“ThreadingModel”=“Apartment”

**********************************************************************************

Files Found are not all bad files:

E:\WINDOWS\SYSTEM32\

zlbw.dll Sun 2005-12-11 18:01:50 A… 46 592 45,50 K

arcaon~1.dll Fri 2005-12-02 9:56:24 A… 561 152 548,00 K

2 items found: 2 files, 0 directories.

Total of file sizes: 607 744 bytes 593,50 K

Locate .tmp files:

No matches found.

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji E nie ma etykiety.

Numer seryjny woluminu: 1DFB-2D37

Katalog: E:\WINDOWS\System32

2004-12-12 12:24 10˙752 javamsd.dll

2004-03-06 15:01

2004-03-06 14:59 32 {5ECC0103-1D7D-48EE-A88C-EA2E3B62AB04}.dat

2004-03-06 14:58 32 {19BF4273-44AA-4525-A220-5AA99A8342AA}.dat

2004-03-06 14:57 32 {6A6FD211-E6DC-4635-8665-EEC68492D425}.dat

2004-03-06 14:55 32 {B9BFD46C-59F3-480C-8B14-8833935748FC}.dat

2004-03-06 14:55 32 {61A68C0B-C329-4306-AA9D-3DA3FBE0BFB8}.dat

2004-03-06 14:55 32 {600E3554-7296-4B90-B781-CBBD37E2F343}.dat

2004-03-06 14:53 32 {2340DCCD-0939-4155-901A-A961698FE7E0}.dat

2004-01-30 14:09

8 plik(˘w) 10˙976 bajt˘w

2 katalog(˘w) 26˙541˙293˙568 bajt˘w wolnych


(Gutek) #11

Well, unfortunately.

Open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save it under the name FIX.REG

Boot into the Recovery Console from the XP CD and enter these commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H uceg.dll

ATTRIB -R-S-H zlbw.dll

DEL guard.tmp

DEL uceg.dll

DEL zlbw.dll

EXIT

Then boot into Windows Safe Mode and run the FIX.REG file. Give me a new L2MFix log made with option 1.


(Grze Cho) #12

Unfortunately I lent my XP disc to a friend. Do I still have a lot of this junk?

To be honest, it runs a bit better than before the infection :slight_smile:


(Gutek) #13

C:\WINDOWS\system32\guard.tmp

C:\WINDOWS\system32\uceg.dll

C:\WINDOWS\system32\zlbw.dll these files need to be deleted :wink:


(Grze Cho) #14

I deleted those files manually from the second system. The log looks like this:

L2MFIX find log 120905

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

“Logoff”=“ChainWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

“Asynchronous”=dword:00000000

“Impersonate”=dword:00000000

“DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Logoff”=“CryptnetWlxLogoffEvent”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

“DLLName”=“cscdll.dll”

“Logon”=“WinlogonLogonEvent”

“Logoff”=“WinlogonLogoffEvent”

“ScreenSaver”=“WinlogonScreenSaverEvent”

“Startup”=“WinlogonStartupEvent”

“Shutdown”=“WinlogonShutdownEvent”

“StartShell”=“WinlogonStartShellEvent”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

“DLLName”=“wlnotify.dll”

“Logon”=“SCardStartCertProp”

“Logoff”=“SCardStopCertProp”

“Lock”=“SCardSuspendCertProp”

“Unlock”=“SCardResumeCertProp”

“Enabled”=dword:00000001

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“StartShell”=“SchedStartShell”

“Logoff”=“SchedEventLogOff”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

“Logoff”=“WLEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000001

“DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

“DLLName”=“WlNotify.dll”

“Lock”=“SensLockEvent”

“Logon”=“SensLogonEvent”

“Logoff”=“SensLogoffEvent”

“Safe”=dword:00000001

“MaxWait”=dword:00000258

“StartScreenSaver”=“SensStartScreenSaverEvent”

“StopScreenSaver”=“SensStopScreenSaverEvent”

“Startup”=“SensStartupEvent”

“Shutdown”=“SensShutdownEvent”

“StartShell”=“SensStartShellEvent”

“PostShell”=“SensPostShellEvent”

“Disconnect”=“SensDisconnectEvent”

“Reconnect”=“SensReconnectEvent”

“Unlock”=“SensUnlockEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

“Asynchronous”=dword:00000000

“DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

“Impersonate”=dword:00000000

“Logoff”=“TSEventLogoff”

“Logon”=“TSEventLogon”

“PostShell”=“TSEventPostShell”

“Shutdown”=“TSEventShutdown”

“StartShell”=“TSEventStartShell”

“Startup”=“TSEventStartup”

“MaxWait”=dword:00000258

“Reconnect”=“TSEventReconnect”

“Disconnect”=“TSEventDisconnect”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

“DLLName”=“wlnotify.dll”

“Logon”=“RegisterTicketExpiredNotificationEvent”

“Logoff”=“UnregisterTicketExpiredNotificationEvent”

“Impersonate”=dword:00000001

“Asynchronous”=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

“DLLName”=“wzcdlg.dll”

“Logon”=“WZCEventLogon”

“Logoff”=“WZCEventLogoff”

“Impersonate”=dword:00000000

“Asynchronous”=dword:00000000

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

“{D5DD4D87-4424-A870-7255-EAD04C40204D}”=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

“{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego”

“{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM”

“{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS”

“{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile”

“{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”

“{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension”

“{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej”

“{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania”

“{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania”

“{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS”

“{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci”

“{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki”

“{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy”

“{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network”

“{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM”

“{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM”

“{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w”

“{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web”

“{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI”

“{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania”

“{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka”

“{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu”

“{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts”

“{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC”

“{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek”

“{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w”

“{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension”

“{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO”

“{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign”

“{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe”

“{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe”

“{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne"

“{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne"

“{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne"

“{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne"

“{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension”

“{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows”

“{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link”

“{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler”

“{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension”

“{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania”

“{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start”

“{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj”

“{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”

“{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna”

“{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…”

“{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet”

“{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail”

“{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki”

“{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne”

“{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler”

“{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler”

“{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler”

“{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler”

“{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler”

“{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor”

“{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet”

“{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania”

“{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej”

“{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2”

“{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy”

“{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft”

“{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania”

“{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w”

“{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku”

“{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web”

“{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru”

“{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres"

“{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu”

“{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft”

“{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident”

“{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU”

“{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU”

“{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny”

“{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia”

“{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu”

“{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft”

“{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft”

“{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft”

“{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki”

“{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp”

“{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki”

“{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite”

“{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika”

“{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w”

“{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band”

“{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service”

“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer”

“{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture”

“{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut”

“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service”

“{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia”

“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe”

“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook”

“{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4”

“{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook”

“{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC”

“{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC”

“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet”

“{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space”

“{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora”

“{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service”

“{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX”

“{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck”

“{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr”

“{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji”

“{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler”

“{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent”

“{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent”

“{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent”

“{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent”

“{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent”

“{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler”

“{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki”

“{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji”

“{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin”

“{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs”

“{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory”

“{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w”

“{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)”

“{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML”

“{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler”

“{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web”

“{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web”

“{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji”

“{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport”

“{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w”

“{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler”

“{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target”

“{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau”

“{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau”

“{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau”

“{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu”

“{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties”

“{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview”

“{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext”

“{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control”

“{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control”

“{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control”

“{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control”

“{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control”

“{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI”

“{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object”

“{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find”

“{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find”

“{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI”

“{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs”

“{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook”

“{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target”

“{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties”

“{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu”

“{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options”

“{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline”

“{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler”

“{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell”

“{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%"

“{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler”

“{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer"

“{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…"

“{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler”

“{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler”

“{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler”

“{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler”

“{57C51AF9-DEF7-11D3-A801-00C04F163490}”=“Ghost Shell Extension”

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension”

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}”=“Play on my TV helper”

“{A70C977A-BF00-412C-90B7-034C51DA2439}”=“NvCpl DesktopContext Class”

“{1CDB2949-8F65-4355-8456-263E7C208A5D}”=“Desktop Explorer”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}”=“Desktop Explorer Menu”

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}”=“nView Desktop Context Menu”

“{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension”

“{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults”

“{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page”

“{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions”

“{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder”

“{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices”

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu”

“{BE9A7994-B602-41CB-8A32-55D93F4584AC}”=""

“{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}”=""

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]

@=“E:\WINDOWS\system32\uceg.dll”

“ThreadingModel”=“Apartment”

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\Implemented Categories{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]

@=“E:\WINDOWS\system32\guard.tmp”

“ThreadingModel”=“Apartment”

**********************************************************************************

Files Found are not all bad files:

E:\WINDOWS\SYSTEM32\

arcaon~1.dll Fri 2005-12-02 9:56:24 A… 561 152 548,00 K

1 item found: 1 file, 0 directories.

Total of file sizes: 561 152 bytes 548,00 K

Locate .tmp files:

No matches found.

**********************************************************************************

Directory Listing of system files:

Wolumin w stacji E nie ma etykiety.

Numer seryjny woluminu: 1DFB-2D37

Katalog: E:\WINDOWS\System32

2004-12-12 12:24 10˙752 javamsd.dll

2004-03-06 15:01

2004-03-06 14:59 32 {5ECC0103-1D7D-48EE-A88C-EA2E3B62AB04}.dat

2004-03-06 14:58 32 {19BF4273-44AA-4525-A220-5AA99A8342AA}.dat

2004-03-06 14:57 32 {6A6FD211-E6DC-4635-8665-EEC68492D425}.dat

2004-03-06 14:55 32 {B9BFD46C-59F3-480C-8B14-8833935748FC}.dat

2004-03-06 14:55 32 {61A68C0B-C329-4306-AA9D-3DA3FBE0BFB8}.dat

2004-03-06 14:55 32 {600E3554-7296-4B90-B781-CBBD37E2F343}.dat

2004-03-06 14:53 32 {2340DCCD-0939-4155-901A-A961698FE7E0}.dat

2004-01-30 14:09

8 plik(˘w) 10˙976 bajt˘w

2 katalog(˘w) 26˙499˙678˙208 bajt˘w wolnych

Is it OK now?


(Gutek) #15

That won't help, the files are still there; you have to follow these instructions:

Open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save it under the name FIX.REG

Boot into the Recovery Console from the XP CD and enter these commands:

CD C:\WINDOWS\system32

ATTRIB -R-S-H guard.tmp

ATTRIB -R-S-H uceg.dll

ATTRIB -R-S-H javamsd.dll

DEL guard.tmp

DEL uceg.dll

DEL javamsd.dll

EXIT

Then boot into Windows Safe Mode and run the FIX.REG file. Give me a new L2MFix log made with option 1.
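An added triage example, not part of the thread and not code from L2MFix: in both logs above, the two `Shell Extensions\Approved` entries with an empty description are the CLSIDs whose `InprocServer32` points at `uceg.dll` and `guard.tmp`, the files listed for deletion. The Python sketch below pulls that pairing out of a pasted log; the function names and the "empty description" heuristic are assumptions of this example, and the sample input is constructed from lines of the log in the shape the forum rendered them (curly quotes, backslash before the CLSID dropped).

```python
import re

# Constructed sample: lines taken in shape from the L2MFix log in this thread.
# The forum rendering turned quotes curly and dropped the "\" before the CLSID.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
“{D5DD4D87-4424-A870-7255-EAD04C40204D}”=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension”
“{BE9A7994-B602-41CB-8A32-55D93F4584AC}”=""
“{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}”=""
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID{BE9A7994-B602-41CB-8A32-55D93F4584AC}\InprocServer32]
@=“E:\WINDOWS\system32\uceg.dll”
“ThreadingModel”=“Apartment”
[HKEY_CLASSES_ROOT\CLSID{0B6D20F7-9A29-4844-9B1C-E1D5BA48720A}\InprocServer32]
@=“E:\WINDOWS\system32\guard.tmp”
“ThreadingModel”=“Apartment”
'''

QUOTES = '"“”'  # straight quotes plus the curly ones forum software substitutes
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|["“”][^"“”]*["“”])=(.*)$')
# The backslash between "CLSID" and "{" is optional because the paste may have lost it.
CLSID_RE = re.compile(r'CLSID\\?(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$', re.I)
APPROVED_SUFFIX = r'\shell extensions\approved'


def unquote(text):
    """Strip surrounding whitespace and either kind of quote."""
    return text.strip().strip(QUOTES)


def parse_reg_dump(log_text):
    """Return {key_path: {value_name: data}} for .reg-style text.

    Lines that are neither a [key] nor a name=data pair (section banners,
    'Windows Registry Editor' headers, hex continuation lines) are ignored.
    """
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = '@' if value.group(1) == '@' else unquote(value.group(1))
            current[name] = unquote(value.group(2))
    return keys


def unnamed_approved_extensions(log_text):
    """List (CLSID, InprocServer32 path or None) for Approved entries with no description.

    Heuristic assumed by this example: an approved shell extension with an
    empty description deserves a look at the module its CLSID loads.
    """
    keys = parse_reg_dump(log_text)
    servers = {}
    for path, values in keys.items():
        match = CLSID_RE.search(path)
        if match and '@' in values:
            servers[match.group(1).upper()] = values['@']
    findings = []
    for path, values in keys.items():
        if not path.lower().endswith(APPROVED_SUFFIX):
            continue  # other keys (e.g. Post Platform) are out of scope here
        for clsid, description in values.items():
            if description == '':
                findings.append((clsid.upper(), servers.get(clsid.upper())))
    return findings


if __name__ == '__main__':
    for clsid, module in unnamed_approved_extensions(SAMPLE_LOG):
        print(clsid, '->', module or 'no InprocServer32 in this log')
```

Run against the second log in the thread, the same two registry references still appear even though the files were deleted by hand, which is what the FIX.REG step is meant to address.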