Reklamiarz

szpadlapl · 27 Październik 2006 17:49

avast wykrył u mnie reklamiarza i co 5 minut pojawiają mi się reklamy

Co robić i jak przywrucić komputer do poprzedniego stanu?

błagam o pomoc!

Bieniol · 27 Październik 2006 17:50

Wrzuć zestaw logów - HijackThis + Silent Runners

szpadlapl · 27 Październik 2006 17:51

ok zaraz wrzuce

Złączono Posta : 27.10.2006 (Pią) 19:54

Logfile of HijackThis v1.99.1 Scan saved at 19:54:15, on 2006-10-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Network Monitor\netmon.exe C:\DFNDRF~1.exe C:\PROGRA~1\COMMON~1{54286~1\Update.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\NWNMFF~1.exe C:\KYBRDF~1.exe C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\WINDOWS\system32\PPATCH~1\XPLORE~1.EXE C:\DOCUME~1\admin\MOJEDO~1\STEM32~1\explorer.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MOZILL~1\firefox.exe C:\PROGRA~1\GADU-G~1\gg.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.344\HIJACK~1.EXE C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.188\HIJACK~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll R3 - URLSearchHook: (no name) - {E67E02BB-E953-B0AA-7CE0-B39EFC145F9B} - C:\WINDOWS\system32\tduuja.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system\vmm32\comcat.tcl O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O2 - BHO: (no name) - {E67E02BB-E953-B0AA-7CE0-B39EFC145F9B} - C:\WINDOWS\system32\tduuja.dll O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKLM…\Run: [bearShare] “C:\PROGRA~1\BEARSH~1\BEARSH~1.EXE” /pause O4 - HKLM…\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM…\Run: [winlog] winlog.exe O4 - HKLM…\Run: [ltq6a381] RUNDLL32.EXE w0b05480.dll,n 0066a37b0000000a0b05480 O4 - HKLM…\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKLM…\Run: [defender] C:\DFNDRF~1.exe O4 - HKLM…\Run: [keyboard] C:\KYBRDF~1.exe O4 - HKLM…\Run: [newname] C:\NWNMFF~1.exe O4 - HKLM…\RunServices: [winlog] winlog.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - HKCU…\Run: [Rsth] “C:\DOCUME~1\admin\MOJEDO~1\STEM32~1\explorer.exe” -vt yazb O4 - HKCU…\Run: [Jhitxw] C:\WINDOWS\system32??pPatch??xplore.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\oyeaccrc.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b2Vt\command.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Złączono Posta : 27.10.2006 (Pią) 19:58

nie wiem o co z tym chodzi proszę o pomoc

Bieniol · 27 Październik 2006 18:00

Użyj narzędzia -> SmitFraudFix (w trybie awaryjnym z opcji 2 )

Użyj narzędzia Look2Me-Destroyer

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Command Service i Network Monitor

Otwórz hijackthis --> open misc tools section --> delete a NT service --> wpisz cmdService i ok

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R3 - URLSearchHook: (no name) - {E67E02BB-E953-B0AA-7CE0-B39EFC145F9B} - C:\WINDOWS\system32\tduuja.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system\vmm32\comcat.tcl O2 - BHO: (no name) - {E67E02BB-E953-B0AA-7CE0-B39EFC145F9B} - C:\WINDOWS\system32\tduuja.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll O4 - HKLM…\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM…\Run: [winlog] winlog.exe O4 - HKLM…\Run: [ltq6a381] RUNDLL32.EXE w0b05480.dll,n 0066a37b0000000a0b05480 O4 - HKLM…\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKLM…\Run: [defender] C:\DFNDRF~1.exe O4 - HKLM…\Run: [keyboard] C:\KYBRDF~1.exe O4 - HKLM…\Run: [newname] C:\NWNMFF~1.exe O4 - HKLM…\RunServices: [winlog] winlog.exe O4 - HKCU…\Run: [Rsth] “C:\DOCUME~1\admin\MOJEDO~1\STEM32~1\explorer.exe” -vt yazb O4 - HKCU…\Run: [Jhitxw] C:\WINDOWS\system32??pPatch??xplore.exe O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\oyeaccrc.dll (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b2Vt\command.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Po zabiegach nowy log z Hijacka + log z Silent Runners + raport ze SmitFraudFix + KONIECZNIE log z l2mfix (wybierasz opcje 1)

szpadlapl · 27 Październik 2006 18:39

Logfile of HijackThis v1.99.1 Scan saved at 20:39:20, on 2006-10-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\QUICKT~1\qttask.exe C:\PROGRA~1\COMMON~1{54286~1\Update.exe C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\PROGRA~1\GADU-G~1\gg.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.141\HIJACK~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKLM…\Run: [bearShare] “C:\PROGRA~1\BEARSH~1\BEARSH~1.EXE” /pause O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b2Vt\command.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Złączono Posta : 27.10.2006 (Pią) 20:46

12mfix L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{A942D052-E279-CE60-38C0-46053C8F8F08}”="" “501348E6-F1E0-FFF5-59D4-CC83ED1BC2CA”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}”=“Shell Extensions for RealOne Player” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu” “{B4B924A2-EBDA-11DA-95DA-00E08161165F}”=“Dodatki Spika” “{343F0174-7AF1-4A20-BA7E-4824028FACC3}”="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}] @="" “IDEx”=“ADDR” [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\InprocServer32] @=“C:\WINDOWS\system32\khdhela3.dll” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ 6to4svc.dll Wed 2006-08-16 13:59:44 A… 100 352 98,00 K atmtd.dll Fri 2006-10-27 19:03:22 A… 687 592 671,48 K bszip.dll Fri 2006-10-27 18:59:38 A… 62 464 61,00 K cmdlin~1.dll Sun 2006-10-01 7:16:08 A… 98 304 96,00 K comctl32.dll Fri 2006-08-25 17:51:16 A… 617 472 603,00 K divx.dll Mon 2006-10-02 21:04:40 A… 635 486 620,59 K divx_x~1.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~2.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~3.dll Mon 2006-10-02 21:04:42 A… 790 528 772,00 K dpl100.dll Fri 2006-08-11 1:04:00 A… 73 728 72,00 K dtu100.dll Fri 2006-08-11 1:03:58 A… 196 608 192,00 K fltlib.dll Mon 2006-08-21 14:28:22 A… 16 896 16,50 K h@tkey~1.dll Fri 2006-10-13 13:22:14 A… 20 480 20,00 K ltq6a381.dll Fri 2006-10-27 19:05:48 A… 61 952 60,50 K lv4m09~1.dll Fri 2006-10-27 19:00:48 …S.R 234 468 228,97 K m4nq0e~1.dll Fri 2006-10-27 19:05:36 …S.R 235 136 229,63 K mlcorier.dll Fri 2006-10-27 19:18:12 …S.R 234 272 228,78 K msxml3.dll Wed 2006-09-13 7:07:12 A… 1 084 416 1,03 M pncrt.dll Sun 2006-09-17 8:36:08 A… 278 528 272,00 K pndx5016.dll Sun 2006-09-17 8:36:08 A… 6 656 6,50 K pndx5032.dll Sun 2006-09-17 8:36:08 A… 5 632 5,50 K rmoc3260.dll Sun 2006-09-17 8:36:14 A… 181 736 177,48 K shdocvw.dll Mon 2006-09-04 8:13:26 A… 1 494 016 1,42 M w0b05480.dll Fri 2006-10-27 19:01:16 A… 29 696 29,00 K 24 items found: 24 files (3 H/S), 0 directories. Total of file sizes: 8 760 242 bytes 8,35 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Fri 2006-10-27 19:18:18 A… 234 870 229,36 K 1 item found: 1 file, 0 directories. Total of file sizes: 234 870 bytes 229,36 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 5428-60A8 Katalog: C:\WINDOWS\System32 2006-10-27 20:46 2006-10-27 20:46 2006-10-27 19:18 234˙272 mlcorier.dll 2006-10-27 19:05 235˙136 m4nq0e55eh.dll 2006-10-27 19:00 234˙468 lv4m09h1e.dll 2006-10-26 03:00 2006-09-04 14:59 2004-08-04 00:44 175˙104 winlog.exe 4 plik(˘w) 878˙980 bajt˘w 4 katalog(˘w) 381˙804˙544 bajt˘w wolnych

Bieniol · 27 Październik 2006 18:46

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Command Service

Otwórz hijackthis --> open misc tools section --> delete a NT service --> wpisz cmdService i ok

Usuwasz ręcznie z dysku foldery:

C:\Program Files\ Deskbar

C:\WINDOWS\ b2Vt

Odpalasz Hijacka --> do a system scan only i zaznaczasz wpisy:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b2Vt\command.exe (file missing)

I klikasz na dole Fix Checked

Ten wpis z kreseczką “_” usuniesz edytorem rejestru Registrar Lite

Uruchom edytor w pole Address wklej ścieżke

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks i kliknij Go poczym zostaniesz przeniesiony do tego klucza. Po prawej stronie będzie widoczny wpis _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} wszystkie inne wpisy z taką samą kreseczką także kasujesz i z prawokliku kasujesz wpisy.

Po tych zabiegach wklejasz wszystkie logi o której prosiłem w poprzednim poście

szpadlapl · 27 Październik 2006 18:47

zaraz to wykonam

Bieniol · 27 Październik 2006 18:50

Masz jeszcze syf :!:

Zrob to co napisałem wyżej… i po tych zabiegach daj pełen zestaw logów (nie wklejaj ich na raty)

szpadlapl · 27 Październik 2006 18:52

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Command Service tam jest tylko opcja uruchom

C:\WINDOWS\b2Vt i jeszcze nie mogę znaleśc tego folderu mogę do niego wejść wpisując na górze C:\WINDOWS\b2Vt a w folderze windows go nie widzę

adam9870 · 27 Październik 2006 18:56

Czyli jest zatrzymana.

ALbo zrób to nieco prościej: start => uruchom => cmd => wpisz:

(co prawda prawdopodobnie jest zatrzymana więc pierwszą komendę można ominąć ale na wszelki wypadek nie zaszkodzi wydać)

szpadlapl · 27 Październik 2006 19:00

aha i jeszcze jedno jak uruchamiam hijackthis to mam go uruchomić w trybie awaryjnym czy normalnie z windowsa zeby skasowac rejestr bo wtedy uruchamiałem w systemie awaryjnym

adam9870 · 27 Październik 2006 19:03

Zatrzymanie i usunięcie usługi oraz użycie Registrar Lite - możesz pod normalnym.

Natomiast reszta - w awaryjnym.

szpadlapl · 27 Październik 2006 19:41

Logfile of HijackThis v1.99.1 Scan saved at 21:38:06, on 2006-10-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\PROGRA~1\COMMON~1{54286~1\Update.exe C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.922\HIJACK~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKLM…\Run: [bearShare] “C:\PROGRA~1\BEARSH~1\BEARSH~1.EXE” /pause O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b2Vt\command.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{A942D052-E279-CE60-38C0-46053C8F8F08}”="" “CF22A1A6-DB3A-FA32-CF3D-CDB7EA29889B”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}”=“Shell Extensions for RealOne Player” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu” “{B4B924A2-EBDA-11DA-95DA-00E08161165F}”=“Dodatki Spika” “{343F0174-7AF1-4A20-BA7E-4824028FACC3}”="" “{CCA60260-A2C9-11D2-BA62-0020188191B2}”=“Registrar Registry Manager SHell Extension” ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}] @="" “IDEx”=“ADDR” [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{343F0174-7AF1-4A20-BA7E-4824028FACC3}\InprocServer32] @=“C:\WINDOWS\system32\khdhela3.dll” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ 6to4svc.dll Wed 2006-08-16 13:59:44 A… 100 352 98,00 K atmtd.dll Fri 2006-10-27 19:03:22 A… 687 592 671,48 K bszip.dll Fri 2006-10-27 18:59:38 A… 62 464 61,00 K cmdlin~1.dll Sun 2006-10-01 7:16:08 A… 98 304 96,00 K comctl32.dll Fri 2006-08-25 17:51:16 A… 617 472 603,00 K divx.dll Mon 2006-10-02 21:04:40 A… 635 486 620,59 K divx_x~1.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~2.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~3.dll Mon 2006-10-02 21:04:42 A… 790 528 772,00 K dpl100.dll Fri 2006-08-11 1:04:00 A… 73 728 72,00 K dtu100.dll Fri 2006-08-11 1:03:58 A… 196 608 192,00 K fltlib.dll Mon 2006-08-21 14:28:22 A… 16 896 16,50 K h@tkey~1.dll Fri 2006-10-13 13:22:14 A… 20 480 20,00 K ltq6a381.dll Fri 2006-10-27 19:05:48 A… 61 952 60,50 K lv4m09~1.dll Fri 2006-10-27 19:00:48 …S.R 234 468 228,97 K m4nq0e~1.dll Fri 2006-10-27 19:05:36 …S.R 235 136 229,63 K mlcorier.dll Fri 2006-10-27 19:18:12 …S.R 234 272 228,78 K msxml3.dll Wed 2006-09-13 7:07:12 A… 1 084 416 1,03 M pncrt.dll Sun 2006-09-17 8:36:08 A… 278 528 272,00 K pndx5016.dll Sun 2006-09-17 8:36:08 A… 6 656 6,50 K pndx5032.dll Sun 2006-09-17 8:36:08 A… 5 632 5,50 K rmoc3260.dll Sun 2006-09-17 8:36:14 A… 181 736 177,48 K shdocvw.dll Mon 2006-09-04 8:13:26 A… 1 494 016 1,42 M w0b05480.dll Fri 2006-10-27 19:01:16 A… 29 696 29,00 K 24 items found: 24 files (3 H/S), 0 directories. Total of file sizes: 8 760 242 bytes 8,35 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Fri 2006-10-27 19:18:18 A… 234 870 229,36 K 1 item found: 1 file, 0 directories. Total of file sizes: 234 870 bytes 229,36 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 5428-60A8 Katalog: C:\WINDOWS\System32 2006-10-27 21:39 2006-10-27 21:39 2006-10-27 19:18 234˙272 mlcorier.dll 2006-10-27 19:05 235˙136 m4nq0e55eh.dll 2006-10-27 19:00 234˙468 lv4m09h1e.dll 2006-10-26 03:00 2006-09-04 14:59 2004-08-04 00:44 175˙104 winlog.exe 4 plik(˘w) 878˙980 bajt˘w 4 katalog(˘w) 365˙641˙728 bajt˘w wolnych HAXFIX logfile - by Marckie ______________ version 4.28 2006-10-27 21:39:20,34 checking for haxdoor -------------------- checking for a3d files… a3d files not found checking for matching notify keys… no matching notify keys found checking for matching services… no matching services found checking for matching safeboot services… no matching safeboot services found checking for other haxdoorfiles… Checking for goldun ------------------- checking for SSODL keys… no ssodl keys found checking for notify keys… no notify keys found checking for services… no services found checking for other goldunfiles… Finished “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{542860A8-0708-1045-1223-040408110030}” = ““C:\Program Files\Common Files{542860A8-0708-1045-1223-040408110030}\Update.exe” mc-110-12-0000137” [null data] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “ares” = ““C:\PROGRA~1\Ares\Ares.exe” -h” [“Ares Development Group”] “VoipDiscount” = ““C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized” [file not found] “Gadu-Gadu” = ““C:\PROGRA~1\GADU-G~1\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “NetPanel” = ““C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel”” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [null data] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [file not found] “QuickTime Task” = ““C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Spik” = “C:\Program Files\Spik\Spik.exe -autostart” [null data] “BearShare” = ““C:\PROGRA~1\BEARSH~1\BEARSH~1.EXE” /pause” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {CE7C3CF0-4B15-11D1-ABED-709549C10000}(Default) = (no title provided) -> {HKLM…CLSID} = “IEHlprObj Class” \InProcServer32(Default) = “C:\PROGRA~1\NetPanel\IEHelper.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

Złączono Posta : 27.10.2006 (Pią) 21:48

reklamy już się nie wyświetlaja ale jak jeszcze sa jakieś syfy to piszcie jakie i jak je zlikwidować

Bieniol · 27 Październik 2006 19:55

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.BAT

W trybie awaryjnym odpal pliki FIX.BAT i FIX.REG i restart kompa

Odpalasz Hijacka --> do a system scan only i zaznaczasz wpisy:

I klikasz na dole Fix Checked

Po zabiegach raz jeszcze wszystkie logi

szpadlapl · 27 Październik 2006 20:11

Logfile of HijackThis v1.99.1 Scan saved at 22:12:18, on 2006-10-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Ares\Ares.exe C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\PROGRA~1\MOZILL~1\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.422\HIJACK~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

jak narazie tylko ten log zmęczony już tym jestem jótro się tym zajmę dzięki za pomoc (nie wiem czy to zrobiłem dobrze)

adam9870 · 27 Październik 2006 20:15

Na obecną chwilę, na podstawie ostatniego loga z hjt do usunięcia poniższy wpis:

więc jest już o wiele, wiele lepiej.

Hm, jak już będziesz mógł to wklej nowe logi z l2mfix, silenta i ewentualnie z hjt.

szpadlapl · 27 Październik 2006 21:03

Logfile of HijackThis v1.99.1 Scan saved at 23:02:55, on 2006-10-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.125\HIJACK~1.EXE C:\PROGRA~1\MOZILL~1\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “A6CFE353-729F-D7E9-C8E6-A101D9D38E3A”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta wˆa˜ciwo˜ci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona wˆa˜ciwo˜ci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powˆoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wy˜wietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wy˜wietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usˆugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodno˜ci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsˆugi danych wycinkowych powˆoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powˆoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powˆoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powˆoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoˆĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoˆĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsˆuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsˆuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona wˆa˜ciwo˜ci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powˆoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powˆoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupeˆnianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeˆniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeˆniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ˜ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeˆniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeˆniania folderu powˆoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeˆniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powˆoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powˆoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powˆoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powˆoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usˆugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanaˆu” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanaˆu” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsˆugi kanaˆu” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}”=“Shell Extensions for RealOne Player” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu” “{B4B924A2-EBDA-11DA-95DA-00E08161165F}”=“Dodatki Spika” “{CCA60260-A2C9-11D2-BA62-0020188191B2}”=“Registrar Registry Manager SHell Extension” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ 6to4svc.dll Wed 2006-08-16 13:59:44 A… 100 352 98,00 K cmdlin~1.dll Sun 2006-10-01 7:16:08 A… 98 304 96,00 K comctl32.dll Fri 2006-08-25 17:51:16 A… 617 472 603,00 K divx.dll Mon 2006-10-02 21:04:40 A… 635 486 620,59 K divx_x~1.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~2.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~3.dll Mon 2006-10-02 21:04:42 A… 790 528 772,00 K dpl100.dll Fri 2006-08-11 1:04:00 A… 73 728 72,00 K dtu100.dll Fri 2006-08-11 1:03:58 A… 196 608 192,00 K fltlib.dll Mon 2006-08-21 14:28:22 A… 16 896 16,50 K h@tkey~1.dll Fri 2006-10-13 13:22:14 A… 20 480 20,00 K lv4m09~1.dll Fri 2006-10-27 19:00:48 …S.R 234 468 228,97 K m4nq0e~1.dll Fri 2006-10-27 19:05:36 …S.R 235 136 229,63 K mlcorier.dll Fri 2006-10-27 19:18:12 …S.R 234 272 228,78 K msxml3.dll Wed 2006-09-13 7:07:12 A… 1 084 416 1,03 M pncrt.dll Sun 2006-09-17 8:36:08 A… 278 528 272,00 K pndx5016.dll Sun 2006-09-17 8:36:08 A… 6 656 6,50 K pndx5032.dll Sun 2006-09-17 8:36:08 A… 5 632 5,50 K rmoc3260.dll Sun 2006-09-17 8:36:14 A… 181 736 177,48 K shdocvw.dll Mon 2006-09-04 8:13:26 A… 1 494 016 1,42 M 20 items found: 20 files (3 H/S), 0 directories. Total of file sizes: 7 918 538 bytes 7,55 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 5428-60A8 Katalog: C:\WINDOWS\System32 2006-10-27 22:03 2006-10-27 22:03 2006-10-27 19:18 234˙272 mlcorier.dll “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “ares” = ““C:\PROGRA~1\Ares\Ares.exe” -h” [“Ares Development Group”] “VoipDiscount” = ““C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized” [file not found] “Gadu-Gadu” = ““C:\PROGRA~1\GADU-G~1\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “NetPanel” = ““C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel”” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [null data] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [file not found] “QuickTime Task” = ““C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Spik” = “C:\Program Files\Spik\Spik.exe -autostart” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {CE7C3CF0-4B15-11D1-ABED-709549C10000}(Default) = (no title provided) -> {HKLM…CLSID} = “IEHlprObj Class” \InProcServer32(Default) = “C:\PROGRA~1\NetPanel\IEHelper.dll” [null data] HAXFIX logfile - by Marckie ______________ version 4.28 2006-10-27 23:05:14,62 checking for haxdoor -------------------- checking for a3d files… a3d files not found checking for matching notify keys… no matching notify keys found checking for matching services… no matching services found checking for matching safeboot services… no matching safeboot services found checking for other haxdoorfiles… Checking for goldun ------------------- checking for SSODL keys… no ssodl keys found checking for notify keys… no notify keys found checking for services… no services found checking for other goldunfiles… Finished 2006-10-27 19:05 235˙136 m4nq0e55eh.dll 2006-10-27 19:00 234˙468 lv4m09h1e.dll 2006-10-26 03:00 2006-09-04 14:59 2004-08-04 00:44 175˙104 winlog.exe 4 plik(˘w) 878˙980 bajt˘w 4 katalog(˘w) 358˙891˙520 bajt˘w wolnych Złączono Posta: 27.10.2006 (Pią) 23:04 2006-10-27 19:05 235˙136 m4nq0e55eh.dll 2006-10-27 19:00 234˙468 lv4m09h1e.dll 2006-10-26 03:00 2006-09-04 14:59 2004-08-04 00:44 175˙104 winlog.exe 4 plik(˘w) 878˙980 bajt˘w 4 katalog(˘w) 358˙891˙520 bajt˘w wolnych

Bieniol · 27 Październik 2006 21:12

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot i All Files , w polu full path of file wklej ścieżkę:

C:\WINDOWS\SYSTEM32\lv4m09h1e.dll

C:\WINDOWS\SYSTEM32\m4nq0e55eh.dll

C:\WINDOWS\SYSTEM32mlcorier.dll

C:\WINDOWS\SYSTEM32\winlog.exe

Klikasz X i restart kompa

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa

Po zabiegach jeszcze raz logi (w przypadku Silenta cierpliwie czekaj na komunikat, że log skończony bo jest urwany)

szpadlapl · 28 Październik 2006 05:27

Logfile of HijackThis v1.99.1 Scan saved at 07:25:06, on 2006-10-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE C:\PROGRA~1\Ares\Ares.exe C:\PROGRA~1\GADU-G~1\gg.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\D-LINK~1\AirPlus.exe C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe C:\PROGRA~1\NetPanel\NetPanel.exe C:\PROGRA~1\MOZILL~1\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.719\HIJACK~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\NetPanel\IEHelper.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ares] “C:\PROGRA~1\Ares\Ares.exe” -h O4 - HKCU…\Run: [VoipDiscount] “C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray O4 - Global Startup: D-Link AirPlus.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] “DLLName”=“Ati2evxx.dll” “Asynchronous”=dword:00000000 “Impersonate”=dword:00000001 “Lock”=“AtiLockEvent” “Logoff”=“AtiLogoffEvent” “Logon”=“AtiLogonEvent” “Disconnect”=“AtiDisConnectEvent” “Reconnect”=“AtiReConnectEvent” “Safe”=dword:00000000 “Shutdown”=“AtiShutdownEvent” “StartScreenSaver”=“AtiStartScreenSaverEvent” “StartShell”=“AtiStartShellEvent” “Startup”=“AtiStartupEvent” “StopScreenSaver”=“AtiStopScreenSaverEvent” “Unlock”=“AtiUnLockEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “803D1723-4EE5-2518-EE02-24988996506F”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Strona waciwoci Poprzednie wersje” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Poprzednie wersje” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}”=“Autoplay for SlideShow” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}”=“Shell Extensions for RealOne Player” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{cc86590a-b60a-48e6-996b-41d25ed39a1e}”=“Portable Media Devices Menu” “{B4B924A2-EBDA-11DA-95DA-00E08161165F}”=“Dodatki Spika” “{CCA60260-A2C9-11D2-BA62-0020188191B2}”=“Registrar Registry Manager SHell Extension” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ 6to4svc.dll Wed 2006-08-16 13:59:44 A… 100 352 98,00 K cmdlin~1.dll Sun 2006-10-01 7:16:08 A… 98 304 96,00 K comctl32.dll Fri 2006-08-25 17:51:16 A… 617 472 603,00 K divx.dll Mon 2006-10-02 21:04:40 A… 635 486 620,59 K divx_x~1.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~2.dll Mon 2006-10-02 21:04:42 A… 806 912 788,00 K divx_x~3.dll Mon 2006-10-02 21:04:42 A… 790 528 772,00 K dpl100.dll Fri 2006-08-11 1:04:00 A… 73 728 72,00 K dtu100.dll Fri 2006-08-11 1:03:58 A… 196 608 192,00 K fltlib.dll Mon 2006-08-21 14:28:22 A… 16 896 16,50 K h@tkey~1.dll Fri 2006-10-13 13:22:14 A… 20 480 20,00 K mlcorier.dll Fri 2006-10-27 19:18:12 …S.R 234 272 228,78 K msxml3.dll Wed 2006-09-13 7:07:12 A… 1 084 416 1,03 M pncrt.dll Sun 2006-09-17 8:36:08 A… 278 528 272,00 K pndx5016.dll Sun 2006-09-17 8:36:08 A… 6 656 6,50 K pndx5032.dll Sun 2006-09-17 8:36:08 A… 5 632 5,50 K rmoc3260.dll Sun 2006-09-17 8:36:14 A… 181 736 177,48 K shdocvw.dll Mon 2006-09-04 8:13:26 A… 1 494 016 1,42 M 18 items found: 18 files (1 H/S), 0 directories. Total of file sizes: 7 448 934 bytes 7,10 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 5428-60A8 Katalog: C:\WINDOWS\System32 2006-10-28 07:17 2006-10-28 07:17 2006-10-27 19:18 234˙272 mlcorier.dll 2006-10-26 03:00 2006-09-04 14:59 1 plik(˘w) 234˙272 bajt˘w 4 katalog(˘w) 363˙597˙824 bajt˘w wolnych “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “ares” = ““C:\PROGRA~1\Ares\Ares.exe” -h” [“Ares Development Group”] “VoipDiscount” = ““C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized” [file not found] “Gadu-Gadu” = ““C:\PROGRA~1\GADU-G~1\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “NetPanel” = ““C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel”” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [null data] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [file not found] “QuickTime Task” = ““C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Spik” = “C:\Program Files\Spik\Spik.exe -autostart” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {CE7C3CF0-4B15-11D1-ABED-709549C10000}(Default) = (no title provided) -> {HKLM…CLSID} = “IEHlprObj Class” \InProcServer32(Default) = “C:\PROGRA~1\NetPanel\IEHelper.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “ares” = ““C:\PROGRA~1\Ares\Ares.exe” -h” [“Ares Development Group”] “VoipDiscount” = ““C:\PROGRA~1\VOIPDI~1.COM\VOIPDI~1\VOIPDI~1.EXE” -nosplash -minimized” [file not found] “Gadu-Gadu” = ““C:\PROGRA~1\GADU-G~1\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “NetPanel” = ““C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel”” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [null data] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [file not found] “QuickTime Task” = ““C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Spik” = “C:\Program Files\Spik\Spik.exe -autostart” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {CE7C3CF0-4B15-11D1-ABED-709549C10000}(Default) = (no title provided) -> {HKLM…CLSID} = “IEHlprObj Class” \InProcServer32(Default) = “C:\PROGRA~1\NetPanel\IEHelper.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{32714800-2E5F-11d0-8B85-00AA0044F941}” = “&Do osób…” -> {HKLM…CLSID} = “&Do osób…” \InProcServer32(Default) = “C:\Program Files\Outlook Express\wabfind.dll” [file not found] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” = “Dodatki Spika” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Default executables: -------------------- <> HKLM\Software\Classes\exefile\shell\open\command(Default) = “C:\WINDOWS\system\vmm32\comcat.tcl “%1” %*” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ “FriendlyName” = “” “Source” = “C:\Program Files\Windows Media Player\pojox.html” “SubscribedURL” = “” HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\ “FriendlyName” = “” “Source” = “C:\Program Files\MSN Gaming Zone\megevul.html” “SubscribedURL” = “” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\SPIDER~1.SCR” (Spider-Man 3 Screensaver.scr) [“ScreenTime Media”] Startup items in “admin” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “D-Link AirPlus” -> shortcut to: “C:\Program Files\D-Link AirPlus\AirPlus.exe” [“D-Link”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{B7D3E479-CC68-42B5-A338-938ECE35F419}” -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare MediaBar\MediaBar.dll” [file not found] “{C004DEC2-2623-438E-9CA2-C9043AB28508}” -> {HKLM…CLSID} = “ToolBar888” \InProcServer32(Default) = “C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{C004DEC2-2623-438E-9CA2-C9043AB28508}” = (no title provided) -> {HKLM…CLSID} = “ToolBar888” \InProcServer32(Default) = “C:\Program Files\Common Files{342860A8-0708-1045-1223-040408110030}\MyToolBar.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 26 seconds, including 4 seconds for message boxes)

zrobiłem tak jak mówiłeś reklam już nie ma zadnych ale przy odpalaniu systemu wyskakuje jakiś i pisze Generic Host Process for win32 Services i jest wyślij raport o błędach i nie wysyłaj

Złączono Posta : 28.10.2006 (Sob) 8:30

i czasami mam takie dziwne pykanie tiri tiri tiri tiri i mi i mi np. gra wychodiz do windowsa

Bieniol · 28 Październik 2006 07:34

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\SYSTEM32\mlcorier.dll

Klikasz X i restart kompa

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa

I jeszcze raz nowe logi

Poczytaj -> http://forum.dobreprogramy.pl/viewtopic … ht=generic