Wirusy, trojany i wyskakujące reklamy

Lava · 29 Sierpień 2006 16:35

Zeskanowałam kompa i okazało się zę ma wiele trojanów i tym programem kasowałam je (ArcaMicroScan) ale cały czas pokazują się różne komunikaty i nie wiem czy nie pokasowałam czegoś niepotrzebnie. Komputer długo się otwiera .

ogfile of HijackThis v1.99.1 Scan saved at 19:08:30, on 2006-08-29 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\svchost.exe C:\WINNT\lsass.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\WINNT\Explorer.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://poczta.o2.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=Explorer.exe 34655_netapi.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,34655_netapi.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [ntdll.dll] ctfmon.exe O4 - HKCU…\RunServices: [Ms Java for Windows NT] 34655_netapi.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O4 - Global Startup: Skrót do TASKMGR.EXE.lnk = C:\WINNT\system32\TASKMGR.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= … lcid=0x409 O17 - HKLM\System\CCS\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O20 - Winlogon Notify: Telephony - C:\WINNT\system32\l48mlel11hq.dll O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINNT\system32\msc.cpl O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINNT\system32\msp.cpl O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QkM\command.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - (no file) O23 - Service: Remote Procedure Call (RPC) Remote (RpcRemote) - Unknown owner - C:\WINNT\system32\remote.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINNT\lsass.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Sygate Technologies, Inc. - (no file)

Gutek · 29 Sierpień 2006 16:54

Na poczatek użyj Look2Me-Destroyer.exe

Zastosuj się do tego Tematu inaczej KOSZ

Pozdrawiam Gutek2222

F2 - REG:system.ini: Shell=Explorer.exe 34655_netapi.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,34655_netapi.exe O4 - HKCU…\RunServices: [Ms Java for Windows NT] 34655_netapi.exe O20 - Winlogon Notify: Telephony - C:\WINNT\system32\l48mlel11hq.dll O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINNT\system32\msc.cpl O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINNT\system32\msp.cpl O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QkM\command.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: Remote Procedure Call (RPC) Remote (RpcRemote) - Unknown owner - C:\WINNT\system32\remote.exe (file missing) O23 - Service: (sdk) - Unknown owner - C:\WINNT\lsass.exe

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Command Service, Network Monitor, Remote Procedure Call i Microsoft sdk core , pliki i folder zaznaczone na czerowno usuń ręcznie w trybie awaryjnym

Lava · 30 Sierpień 2006 09:44

Niestey look2me nie działa.

Pojawia się komunikat

Bieniol · 30 Sierpień 2006 09:53

Postępujesz zgodnie z tą instrukcją --> http://forum.dobreprogramy.pl/viewtopic.php?t=36654 :?:

Jeżeli nie uda Ci sie go uruchomić, usuń wszystko co kazał Gutek2222 , następnie ściągnij narzędzie l2mfix, użyj go najpierw z opcji 2, a późńiej wklej na forum log z opcji 1 (po wklejeniu loga nie restartuj komputera :!

Lava · 30 Sierpień 2006 11:54

Niestety mimo zastosowania się do

nie udało mi się uruchomić look2Me

z usunięciem ręcznie mam problemy bo nie mogę znaleźć tych plików.

Podaje logi

Logfile of HijackThis v1.99.1 Scan saved at 14:32:17, on 2006-08-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\rundll32.exe C:\WINNT\explorer.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\WINNT\system32\TASKMGR.EXE C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://poczta.o2.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe 34655_netapi.exe F2 - REG:system.ini: UserInit=c:\winnt\system32\userinit.exe,34655_netapi.exe, O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [ntdll.dll] ctfmon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O4 - Global Startup: Skrót do TASKMGR.EXE.lnk = C:\WINNT\system32\TASKMGR.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= … lcid=0x409 O17 - HKLM\System\CCS\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\fp2s03f7e.dll O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\jt0o07d3e.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O21 - SSODL: Network Connections Tray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - (no file) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Sygate Technologies, Inc. - (no file)

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation] “Asynchronous”=dword:00000000 “DllName”=“C:\WINNT\system32\j8j60i1se8.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] “Logoff”=“NavLogoffEvent” “DllName”=“C:\WINNT\system32\NavLogon.dll” “StartShell”=“NavStartShellEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “{194433C9-5CA1-8F23-BE15-DD80F0BFAC6D}”="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“Rozszerzenie CPL pakietu PlusPack” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenie powloki dla programu Windows Script Host” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe i telefoniczne” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{1A9BA3A0-143A-11CF-8350-444553540000}”=“Folder Ulubione powoki” “{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=“M˘j komputer” “{86747AC0-42A0-1069-A2E6-08002B30309D}”=“Folder Akt˘wka” “{0AFACED1-E828-11D1-9187-B532F1E9575D}”=“Skr˘t folderu” “{12518493-00B2-11d2-9FA5-9E3420524153}”=“Wolumin zainstalowany” “{21B22460-3AEA-1069-A2DC-08002B30309D}”=“Rozszerzenie strony waciwoci pliku” “{B091E540-83E3-11CF-A713-0020AFD79762}”=“Strona typ˘w plik˘w” “{FBF23B41-E3F0-101B-8488-00AA003E56F8}”=“Przechwytywanie plik˘w typu MIME” “{C2FBB630-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft CopyTo” “{C2FBB631-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft MoveTo” “{13709620-C279-11CE-A49E-444553540000}”=“Usuga automatyzacji powoki” “{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}”=“Widok folderu automatyzacji powoki” “{4622AD11-FF23-11d0-8D34-00A0C90F2719}”=“Menu Start” “{7BA4C740-9E81-11CF-99D3-00AA004AE837}”=“Usuga Microsoft SendTo” “{D969A300-E7FF-11d0-A93B-00A0C90F2719}”=“Usuga Microsoft New Object” “{09799AFB-AD67-11d1-ABCD-00C04FC30936}”=“Obsuga menu kontekstowego “Otw˘rz z”” “{3FC0B520-68A9-11D0-8D77-00C04FD70822}”=“Wywietlaj rozszerzenia HTML Panelu sterowania” “{75048700-EF1F-11D0-9888-006097DEACF9}”=“ActiveDesktop” “{6D5313C0-8C62-11D1-B2CD-006097DF8C11}”=“Rozszerzenie strony waciwoci Opcje folder˘w” “{57651662-CE3E-11D0-8D77-00C04FC99D61}”=“CmdFileIcon” “{4657278A-411B-11d2-839A-00C04FD918D0}”=“Pomocnik dla operacji przeciĄgania i upuszczania powoki” “{A470F8CF-A1E8-4f65-8335-227475AA5C46}”=“Dodaj opcj© szyfrowania do menu kontekstowych w Eksploratorze” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{568804CA-CBD7-11d0-9816-00C04FD91972}”=“Folder powoki menu” “{5b4dae26-b807-11d0-9815-00c04fd91972}”=“Pasek menu” “{8278F931-2A3E-11d2-838F-00C04FD918D0}”=“Menu powoki ledzenia” “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}”=“Lokacja menu” “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu menu” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}”=“IPasek folder˘w powoki” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{0E5CBF21-D15F-11d0-8301-00AA005B4383}”="&ťĄcza" “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7487cd30-f71a-11d0-9ea7-00805f714772}”=“Obraz miniatury” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}”=“Miniatury” “{EAB841A0-9550-11CF-8C16-00805F1408F3}”=“Rozpakowywacz miniatur HTML” “{1AEB1360-5AFC-11D0-B806-00C04FD706EC}”=“Rozpakowywacz miniatur filtr˘w graficznych Office” “{9DBD2C50-62AD-11D0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{500202A0-731E-11D0-B829-00C04FD706EC}”=“Obsuga interfejsu miniatur plik˘w typu LNK” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8C-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Darwin App Publisher” “{fe1290f0-cfbd-11cf-a330-00aa00c16e65}”=“Directory Namespace” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{450D8FBA-AD25-11D0-98A8-0800361B1103}”=“MyDocs Folder” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Menu plik˘w trybu offline” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Opcje folderu plik˘w trybu offline” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{BDA77241-42F6-11d0-85E2-00AA001FE28C}”=“LDVP Shell Extensions” “{E0D79304-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79305-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79306-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79307-84BE-11CE-9641-444553540000}”=“WinZip” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”=“BitDefender Antivirus v8” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{D3796116-94D3-4009-96D7-51578411CC7D}”=“Outpost Shell Extension” “{754713E5-4A57-456E-AF4F-907573A61D62}”="" “{2CED22D7-1007-4D95-B901-86B614C32864}”="" “{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}”="" “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” “{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}”="" “{B53AA755-D752-45B4-948C-6275927D9800}”="" “{D292E471-1E1F-4AA0-BCCD-74D117A4A424}”="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\InprocServer32] @=“C:\WINNT\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\InprocServer32] @=“C:\WINNT\system32\xVctsrv.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\InprocServer32] @=“C:\WINNT\system32\mgxml.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\InprocServer32] @=“C:\WINNT\system32\wadmlog.dll” “ThreadingModel”=“Apartment” ********************************************************************************** Files Found are not all bad files: C:\WINNT\SYSTEM32\ auvapi32.dll Mon 2006-08-28 22:44:18 …S.R 236 606 231,06 K cmpesnpn.dll Mon 2006-08-28 10:25:16 …S.R 236 606 231,06 K dfeml.dll Tue 2006-08-29 19:59:02 …S.R 234 980 229,47 K dfsenh.dll Tue 2006-08-29 14:54:34 …S.R 233 710 228,23 K dgound.dll Mon 2006-08-28 10:32:00 …S.R 236 606 231,06 K en68l1~1.dll Mon 2006-08-28 10:31:58 …S.R 234 178 228,69 K en88l1~1.dll Mon 2006-08-28 22:54:18 …S.R 234 188 228,70 K enn8l1~1.dll Sun 2006-08-27 20:54:26 …S.R 236 506 230,96 K enp8l1~1.dll Mon 2006-08-28 10:58:24 …S.R 234 183 228,69 K g6402g~1.dll Mon 2006-08-28 10:45:22 …S.R 234 271 228,78 K gp6ol3~1.dll Mon 2006-08-28 10:25:14 …S.R 233 929 228,45 K gpp0l3~1.dll Tue 2006-08-29 12:28:10 …S.R 233 784 228,30 K ir2ml5~1.dll Sun 2006-08-27 20:49:20 …S.R 235 780 230,25 K j8j60i~1.dll Tue 2006-08-29 19:59:02 …S.R 235 598 230,07 K jt0o07~1.dll Tue 2006-08-29 21:02:02 …S.R 234 980 229,47 K kpdla.dll Sun 2006-08-27 22:14:58 …S.R 236 606 231,06 K ljrq09~1.dll Tue 2006-08-29 13:39:18 …S.R 233 710 228,23 K lvrq09~1.dll Mon 2006-08-28 22:44:16 …S.R 237 205 231,64 K mgxml.dll Tue 2006-08-29 18:48:24 …S.R 233 710 228,23 K mtr.dll Mon 2006-08-28 10:45:22 …S.R 236 606 231,06 K ovethk32.dll Mon 2006-08-28 22:54:20 …S.R 236 606 231,06 K pbrfproc.dll Mon 2006-08-28 10:58:26 …S.R 236 606 231,06 K qvap.dll Tue 2006-08-29 15:39:06 …S.R 233 710 228,23 K sbtupdll.dll Mon 2006-08-28 11:16:40 …S.R 236 606 231,06 K sfell32.dll Tue 2006-08-29 12:45:48 …S.R 236 606 231,06 K sldocvw.dll Tue 2006-08-29 14:46:18 …S.R 233 710 228,23 K snlsrv32.dll Tue 2006-08-29 12:28:10 …S.R 236 606 231,06 K wadmlog.dll Wed 2006-08-30 11:22:22 …S.R 235 598 230,07 K xvctsrv.dll Tue 2006-08-29 18:33:06 …S.R 233 793 228,31 K 29 items found: 29 files (29 H/S), 0 directories. Total of file sizes: 6 823 583 bytes 6,50 M Locate .tmp files: C:\WINNT\SYSTEM32\ 8.tmp Tue 2006-08-29 14:43:14 A… 0 0,00 K atmtdd~1.tmp Mon 2006-08-28 11:16:24 A… 0 0,00 K 2 items found: 2 files, 0 directories. Total of file sizes: 0 bytes 0,00 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C: DYSK_C Numer seryjny woluminu: 3C7A-BD16 Katalog: C:\WINNT\System32 2006-08-30 11:22 235˙598 wadmlog.dll 2006-08-29 21:02 234˙980 jt0o07d3e.dll 2006-08-29 19:59 234˙980 dfeml.dll 2006-08-29 19:59 235˙598 j8j60i1se8.dll 2006-08-29 18:48 233˙710 mgxml.dll 2006-08-29 18:33 233˙793 xVctsrv.dll 2006-08-29 16:40 20˙448 net32a.exe 2006-08-29 15:39 233˙710 qvap.dll 2006-08-29 14:54 233˙710 dfsenh.dll 2006-08-29 14:46 233˙710 SLDOCVW.DLL 2006-08-29 13:39 233˙710 ljrq0995e.dll 2006-08-29 12:45 236˙606 SFELL32.DLL 2006-08-29 12:28 236˙606 snlsrv32.dll 2006-08-29 12:28 233˙784 gpp0l37m1.dll 2006-08-28 22:54 236˙606 ovethk32.dll 2006-08-28 22:54 234˙188 en88l1lu1.dll 2006-08-28 22:44 236˙606 AUVAPI32.DLL 2006-08-28 22:44 237˙205 lvrq0995e.dll 2006-08-28 11:16 236˙606 sbtupdll.dll 2006-08-28 10:58 236˙606 pbrfproc.dll 2006-08-28 10:58 234˙183 enp8l17u1.dll 2006-08-28 10:45 236˙606 mtr.dll 2006-08-28 10:45 234˙271 g6402ghmg64a2.dll 2006-08-28 10:31 236˙606 dgound.dll 2006-08-28 10:31 234˙178 en68l1ju1.dll 2006-08-28 10:25 236˙606 cMpesnpn.dll 2006-08-28 10:25 233˙929 gp6ol3j31.dll 2006-08-27 22:14 236˙606 kpdla.dll 2006-08-27 20:54 236˙506 enn8l15u1.dll 2006-08-27 20:49 235˙780 ir2ml5f11.dll 2006-08-18 11:51 30 plik(˘w) 6˙844˙031 bajt˘w 1 katalog(˘w) 2˙458˙374˙144 bajt˘w wolnych

adam9870 · 30 Sierpień 2006 12:00

Czemu nie udało się uruchomić Look2Me-Destroyer ?? Jakiś błąd się pokazywał czy program po 1 minucie? Jeżeli tak to jest tam opisane co należy w takiej sytuacji zrobić.

Albo możesz skorzystać z opcji numer 2 w l2mfix lub alternatywneg autousuwacza F-Look2Me

Bieniol · 30 Sierpień 2006 12:19

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINNT\SYSTEM32\34655_netapi.exe

Klikasz X i restart kompa

Odpalasz Hijacka --> Do a system scan only i zaznaczasz wpisy:

I klikasz na dole “fix checked”

Następnie użyj opcji 2 programu l2mfix , lub tak jak napisał adam9870 programu F-Look2Me

Oczywiście po zabiegach dajesz nowy log z hijacka i nowy log z l2mfix (opcja 1)

Lava · 30 Sierpień 2006 14:15

Logfile of HijackThis v1.99.1 Scan saved at 16:46:53, on 2006-08-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\WINNT\system32\TASKMGR.EXE C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\NOTEPAD.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://poczta.o2.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [ntdll.dll] ctfmon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O4 - Global Startup: Skrót do TASKMGR.EXE.lnk = C:\WINNT\system32\TASKMGR.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= … lcid=0x409 O17 - HKLM\System\CCS\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O20 - Winlogon Notify: StillImage - C:\WINNT\system32\fp2o03f3e.dll (file missing) O21 - SSODL: Network Connections Tray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINNT\system32\msp.cpl O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - (no file) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Sygate Technologies, Inc. - (no file)

L2mfix 051206 Creating Account. Wykonywanie polecenia zostao zakoäczone pomylnie. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX … successful Running From: C:\WINNT\system32 Killing Processes! Killing ‘smss.exe’ \SystemRoot\System32\smss.exe (148) Killing ‘winlogon.exe’ winlogon.exe (196) Killing ‘explorer.exe’ C:\WINNT\Explorer.EXE (996) Killing ‘rundll32.exe’ rundll32.exe “C:\WINNT\system32\cdbjmon.dll”,DllGetVersion (828) Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administratorzy … successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Skopiowano 1 plik(˘w). Skopiowano 1 plik(˘w). Skopiowano 1 plik(˘w). Skopiowano 1 plik(˘w). Deleting: C:\WINNT\system32\cdbjmon.dll Successfully Deleted: C:\WINNT\system32\cdbjmon.dll Deleting: C:\WINNT\system32\fp2o03f3e.dll Successfully Deleted: C:\WINNT\system32\fp2o03f3e.dll Deleting: C:\WINNT\system32\g8lm0i31e8.dll Successfully Deleted: C:\WINNT\system32\g8lm0i31e8.dll Deleting: C:\WINNT\system32\nqwdev.dll Successfully Deleted: C:\WINNT\system32\nqwdev.dll msg11?.dll Skopiowano 0 plik(˘w). Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] “Logoff”=“NavLogoffEvent” “DllName”=“C:\WINNT\system32\NavLogon.dll” “StartShell”=“NavStartShellEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage] “Asynchronous”=dword:00000000 “DllName”=“C:\WINNT\system32\fp2o03f3e.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 The following are the files found: **************************************************************************** C:\WINNT\system32\cdbjmon.dll C:\WINNT\system32\fp2o03f3e.dll C:\WINNT\system32\g8lm0i31e8.dll C:\WINNT\system32\nqwdev.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}\InprocServer32] @=“C:\WINNT\system32\guard.tmp” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}\InprocServer32] @=“C:\WINNT\system32\xVctsrv.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}\InprocServer32] @=“C:\WINNT\system32\mgxml.dll” “ThreadingModel”=“Apartment” Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\Implemented Categories{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}\InprocServer32] @=“C:\WINNT\system32\cdbjmon.dll” “ThreadingModel”=“Apartment” REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{754713E5-4A57-456E-AF4F-907573A61D62}”=- “{2CED22D7-1007-4D95-B901-86B614C32864}”=- “{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}”=- “{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}”=- “{B53AA755-D752-45B4-948C-6275927D9800}”=- “{D292E471-1E1F-4AA0-BCCD-74D117A4A424}”=- [-HKEY_CLASSES_ROOT\CLSID{754713E5-4A57-456E-AF4F-907573A61D62}] [-HKEY_CLASSES_ROOT\CLSID{2CED22D7-1007-4D95-B901-86B614C32864}] [-HKEY_CLASSES_ROOT\CLSID{3DD8A410-72B7-48A0-8A6B-F70583E4F19E}] [-HKEY_CLASSES_ROOT\CLSID{7C6C134D-8C25-4EF4-8F58-D56BDBC004CC}] [-HKEY_CLASSES_ROOT\CLSID{B53AA755-D752-45B4-948C-6275927D9800}] [-HKEY_CLASSES_ROOT\CLSID{D292E471-1E1F-4AA0-BCCD-74D117A4A424}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/cdbjmon.dll (184 bytes security) (deflated 5%) adding: dlls/fp2o03f3e.dll (184 bytes security) (deflated 5%) adding: dlls/g8lm0i31e8.dll (184 bytes security) (deflated 5%) adding: dlls/nqwdev.dll (184 bytes security) (deflated 5%) adding: backregs/3DD8A410-72B7-48A0-8A6B-F70583E4F19E.reg (164 bytes security) (deflated 70%) adding: backregs/7C6C134D-8C25-4EF4-8F58-D56BDBC004CC.reg (164 bytes security) (deflated 70%) adding: backregs/B53AA755-D752-45B4-948C-6275927D9800.reg (164 bytes security) (deflated 70%) adding: backregs/D292E471-1E1F-4AA0-BCCD-74D117A4A424.reg (164 bytes security) (deflated 70%) adding: backregs/notibac.reg (184 bytes security) (deflated 86%) adding: backregs/shell.reg (184 bytes security) (deflated 74%)

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] “Logoff”=“NavLogoffEvent” “DllName”=“C:\WINNT\system32\NavLogon.dll” “StartShell”=“NavStartShellEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage] “Asynchronous”=dword:00000000 “DllName”=“C:\WINNT\system32\fp2o03f3e.dll” “Impersonate”=dword:00000000 “Logon”=“WinLogon” “Logoff”=“WinLogoff” “Shutdown”=“WinShutdown” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “Neostrada Plus 5.6”=“IEAKFT” ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“Rozszerzenie CPL pakietu PlusPack” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenie powloki dla programu Windows Script Host” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe i telefoniczne” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{1A9BA3A0-143A-11CF-8350-444553540000}”=“Folder Ulubione powoki” “{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=“M˘j komputer” “{86747AC0-42A0-1069-A2E6-08002B30309D}”=“Folder Akt˘wka” “{0AFACED1-E828-11D1-9187-B532F1E9575D}”=“Skr˘t folderu” “{12518493-00B2-11d2-9FA5-9E3420524153}”=“Wolumin zainstalowany” “{21B22460-3AEA-1069-A2DC-08002B30309D}”=“Rozszerzenie strony waciwoci pliku” “{B091E540-83E3-11CF-A713-0020AFD79762}”=“Strona typ˘w plik˘w” “{FBF23B41-E3F0-101B-8488-00AA003E56F8}”=“Przechwytywanie plik˘w typu MIME” “{C2FBB630-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft CopyTo” “{C2FBB631-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft MoveTo” “{13709620-C279-11CE-A49E-444553540000}”=“Usuga automatyzacji powoki” “{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}”=“Widok folderu automatyzacji powoki” “{4622AD11-FF23-11d0-8D34-00A0C90F2719}”=“Menu Start” “{7BA4C740-9E81-11CF-99D3-00AA004AE837}”=“Usuga Microsoft SendTo” “{D969A300-E7FF-11d0-A93B-00A0C90F2719}”=“Usuga Microsoft New Object” “{09799AFB-AD67-11d1-ABCD-00C04FC30936}”=“Obsuga menu kontekstowego “Otw˘rz z”” “{3FC0B520-68A9-11D0-8D77-00C04FD70822}”=“Wywietlaj rozszerzenia HTML Panelu sterowania” “{75048700-EF1F-11D0-9888-006097DEACF9}”=“ActiveDesktop” “{6D5313C0-8C62-11D1-B2CD-006097DF8C11}”=“Rozszerzenie strony waciwoci Opcje folder˘w” “{57651662-CE3E-11D0-8D77-00C04FC99D61}”=“CmdFileIcon” “{4657278A-411B-11d2-839A-00C04FD918D0}”=“Pomocnik dla operacji przeciĄgania i upuszczania powoki” “{A470F8CF-A1E8-4f65-8335-227475AA5C46}”=“Dodaj opcj© szyfrowania do menu kontekstowych w Eksploratorze” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{568804CA-CBD7-11d0-9816-00C04FD91972}”=“Folder powoki menu” “{5b4dae26-b807-11d0-9815-00c04fd91972}”=“Pasek menu” “{8278F931-2A3E-11d2-838F-00C04FD918D0}”=“Menu powoki ledzenia” “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}”=“Lokacja menu” “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu menu” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}”=“IPasek folder˘w powoki” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{0E5CBF21-D15F-11d0-8301-00AA005B4383}”="&ťĄcza" “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7487cd30-f71a-11d0-9ea7-00805f714772}”=“Obraz miniatury” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}”=“Miniatury” “{EAB841A0-9550-11CF-8C16-00805F1408F3}”=“Rozpakowywacz miniatur HTML” “{1AEB1360-5AFC-11D0-B806-00C04FD706EC}”=“Rozpakowywacz miniatur filtr˘w graficznych Office” “{9DBD2C50-62AD-11D0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{500202A0-731E-11D0-B829-00C04FD706EC}”=“Obsuga interfejsu miniatur plik˘w typu LNK” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8C-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Darwin App Publisher” “{fe1290f0-cfbd-11cf-a330-00aa00c16e65}”=“Directory Namespace” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{450D8FBA-AD25-11D0-98A8-0800361B1103}”=“MyDocs Folder” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Menu plik˘w trybu offline” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Opcje folderu plik˘w trybu offline” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{BDA77241-42F6-11d0-85E2-00AA001FE28C}”=“LDVP Shell Extensions” “{E0D79304-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79305-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79306-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79307-84BE-11CE-9641-444553540000}”=“WinZip” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”=“BitDefender Antivirus v8” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{D3796116-94D3-4009-96D7-51578411CC7D}”=“Outpost Shell Extension” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: No matches found. Locate .tmp files: C:\WINNT\SYSTEM32\ 8.tmp Tue 2006-08-29 14:43:14 A… 0 0,00 K atmtdd~1.tmp Mon 2006-08-28 11:16:24 A… 0 0,00 K 2 items found: 2 files, 0 directories. Total of file sizes: 0 bytes 0,00 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C: DYSK_C Numer seryjny woluminu: 3C7A-BD16 Katalog: C:\WINNT\System32 2006-08-30 16:25 44˙544 net32a.exe 2006-08-30 16:25 44˙544 .exe 2006-08-18 11:51 2 plik(˘w) 89˙088 bajt˘w 1 katalog(˘w) 2˙446˙495˙744 bajt˘w wolnych

Bieniol · 30 Sierpień 2006 16:22

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot i All Files , w polu full path of file wklej ścieżkę:

C:\WINNT\system32\msp.cpl

C:\WINNT\system32\8.tmp

C:\WINNT\system32\atmtdd~1.tmp

C:\WINNT\system32\net32a.exe

C:\WINNT\system32.exe

Klikasz X i restart kompa

Usuwasz Hijackiem te wpisy:

Po zabiegach 3 logi (Hijack, Silent, l2mfix)

Gutek · 30 Sierpień 2006 17:01

Zastosuj się do tego Tematu i zmień tytuł na konkretny inaczej KOSZ, nie będę prosił

Pozdrawiam Gutek2222

Lava · 30 Sierpień 2006 17:31

Niestety nie udaje mi się tego skasować fixem

Logfile of HijackThis v1.99.1 Scan saved at 19:54:02, on 2006-08-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\WINNT\system32\TASKMGR.EXE C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\cmd.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://poczta.o2.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [ntdll.dll] ctfmon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O4 - Global Startup: Skrót do TASKMGR.EXE.lnk = C:\WINNT\system32\TASKMGR.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= … lcid=0x409 O17 - HKLM\System\CCS\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{08913F49-A008-4C4C-AB71-34DA4F74D266}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O21 - SSODL: Network Connections Tray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - (no file) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Sygate Technologies, Inc. - (no file)

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “ctfmon.exe” [MS] “ccleaner” = ““C:\Program Files\CCleaner\ccleaner.exe” /AUTO” [“CCleaner.com”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “ntdll.dll” = “ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Synchronization Manager” = “mobsync.exe /logon” [MS] “!ewido” = ““C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINNT\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINNT\system32\dfshim.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! NavLogon\DLLName = “C:\WINNT\system32\NavLogon.dll” [“Symantec Corporation”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] “Logoff”=“NavLogoffEvent” “DllName”=“C:\WINNT\system32\NavLogon.dll” “StartShell”=“NavStartShellEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “Neostrada Plus 5.6”=“IEAKFT” ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“Rozszerzenie CPL pakietu PlusPack” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenie powloki dla programu Windows Script Host” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe i telefoniczne” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{1A9BA3A0-143A-11CF-8350-444553540000}”=“Folder Ulubione powoki” “{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=“M˘j komputer” “{86747AC0-42A0-1069-A2E6-08002B30309D}”=“Folder Akt˘wka” “{0AFACED1-E828-11D1-9187-B532F1E9575D}”=“Skr˘t folderu” “{12518493-00B2-11d2-9FA5-9E3420524153}”=“Wolumin zainstalowany” “{21B22460-3AEA-1069-A2DC-08002B30309D}”=“Rozszerzenie strony waciwoci pliku” “{B091E540-83E3-11CF-A713-0020AFD79762}”=“Strona typ˘w plik˘w” “{FBF23B41-E3F0-101B-8488-00AA003E56F8}”=“Przechwytywanie plik˘w typu MIME” “{C2FBB630-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft CopyTo” “{C2FBB631-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft MoveTo” “{13709620-C279-11CE-A49E-444553540000}”=“Usuga automatyzacji powoki” “{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}”=“Widok folderu automatyzacji powoki” “{4622AD11-FF23-11d0-8D34-00A0C90F2719}”=“Menu Start” “{7BA4C740-9E81-11CF-99D3-00AA004AE837}”=“Usuga Microsoft SendTo” “{D969A300-E7FF-11d0-A93B-00A0C90F2719}”=“Usuga Microsoft New Object” “{09799AFB-AD67-11d1-ABCD-00C04FC30936}”=“Obsuga menu kontekstowego “Otw˘rz z”” “{3FC0B520-68A9-11D0-8D77-00C04FD70822}”=“Wywietlaj rozszerzenia HTML Panelu sterowania” “{75048700-EF1F-11D0-9888-006097DEACF9}”=“ActiveDesktop” “{6D5313C0-8C62-11D1-B2CD-006097DF8C11}”=“Rozszerzenie strony waciwoci Opcje folder˘w” “{57651662-CE3E-11D0-8D77-00C04FC99D61}”=“CmdFileIcon” “{4657278A-411B-11d2-839A-00C04FD918D0}”=“Pomocnik dla operacji przeciĄgania i upuszczania powoki” “{A470F8CF-A1E8-4f65-8335-227475AA5C46}”=“Dodaj opcj© szyfrowania do menu kontekstowych w Eksploratorze” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{568804CA-CBD7-11d0-9816-00C04FD91972}”=“Folder powoki menu” “{5b4dae26-b807-11d0-9815-00c04fd91972}”=“Pasek menu” “{8278F931-2A3E-11d2-838F-00C04FD918D0}”=“Menu powoki ledzenia” “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}”=“Lokacja menu” “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu menu” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}”=“IPasek folder˘w powoki” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{0E5CBF21-D15F-11d0-8301-00AA005B4383}”="&ťĄcza" “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7487cd30-f71a-11d0-9ea7-00805f714772}”=“Obraz miniatury” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}”=“Miniatury” “{EAB841A0-9550-11CF-8C16-00805F1408F3}”=“Rozpakowywacz miniatur HTML” “{1AEB1360-5AFC-11D0-B806-00C04FD706EC}”=“Rozpakowywacz miniatur filtr˘w graficznych Office” “{9DBD2C50-62AD-11D0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{500202A0-731E-11D0-B829-00C04FD706EC}”=“Obsuga interfejsu miniatur plik˘w typu LNK” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8C-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Darwin App Publisher” “{fe1290f0-cfbd-11cf-a330-00aa00c16e65}”=“Directory Namespace” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{450D8FBA-AD25-11D0-98A8-0800361B1103}”=“MyDocs Folder” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Menu plik˘w trybu offline” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Opcje folderu plik˘w trybu offline” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{BDA77241-42F6-11d0-85E2-00AA001FE28C}”=“LDVP Shell Extensions” “{E0D79304-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79305-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79306-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79307-84BE-11CE-9641-444553540000}”=“WinZip” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”=“BitDefender Antivirus v8” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{D3796116-94D3-4009-96D7-51578411CC7D}”=“Outpost Shell Extension” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: No matches found. Locate .tmp files: C:\WINNT\SYSTEM32\ 8.tmp Tue 2006-08-29 14:43:14 A… 0 0,00 K atmtdd~1.tmp Mon 2006-08-28 11:16:24 A… 0 0,00 K 2 items found: 2 files, 0 directories. Total of file sizes: 0 bytes 0,00 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C: DYSK_C Numer seryjny woluminu: 3C7A-BD16 Katalog: C:\WINNT\System32 2006-08-30 19:52 44˙544 net32a.exe 2006-08-30 19:52 44˙544 .exe 2006-08-18 11:51 2 plik(˘w) 89˙088 bajt˘w 1 katalog(˘w) 2˙442˙395˙648 bajt˘w wolnych

Bieniol · 30 Sierpień 2006 17:35

Wykonałeś to polecenie? Bo pliki nadal są

Lava · 30 Sierpień 2006 17:42

tak robiłam.

Bieniol · 30 Sierpień 2006 17:46

Przepraszam za pomyłkę przy płci :oops:

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINNT\system32\msp.cpl

Klikasz X i restart kompa

Tak samo robisz z tymi ścieżkami:

C:\WINNT\system32\8.tmp

C:\WINNT\system32\atmtdd~1.tmp

C:\WINNT\system32\net32a.exe

I dajesz nowy log z l2mfix i nowy log z Silenta, bo ten jest ucięty - cierpliwie czekaj na komunikat

Lava · 30 Sierpień 2006 18:35

Nic nie szkodzi - co do płci

Zrobione

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] “Logoff”=“NavLogoffEvent” “DllName”=“C:\WINNT\system32\NavLogon.dll” “StartShell”=“NavStartShellEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] “Neostrada Plus 5.6”=“IEAKFT” ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“Rozszerzenie CPL pakietu PlusPack” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenie powloki dla programu Windows Script Host” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe i telefoniczne” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{1A9BA3A0-143A-11CF-8350-444553540000}”=“Folder Ulubione powoki” “{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=“M˘j komputer” “{86747AC0-42A0-1069-A2E6-08002B30309D}”=“Folder Akt˘wka” “{0AFACED1-E828-11D1-9187-B532F1E9575D}”=“Skr˘t folderu” “{12518493-00B2-11d2-9FA5-9E3420524153}”=“Wolumin zainstalowany” “{21B22460-3AEA-1069-A2DC-08002B30309D}”=“Rozszerzenie strony waciwoci pliku” “{B091E540-83E3-11CF-A713-0020AFD79762}”=“Strona typ˘w plik˘w” “{FBF23B41-E3F0-101B-8488-00AA003E56F8}”=“Przechwytywanie plik˘w typu MIME” “{C2FBB630-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft CopyTo” “{C2FBB631-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft MoveTo” “{13709620-C279-11CE-A49E-444553540000}”=“Usuga automatyzacji powoki” “{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}”=“Widok folderu automatyzacji powoki” “{4622AD11-FF23-11d0-8D34-00A0C90F2719}”=“Menu Start” “{7BA4C740-9E81-11CF-99D3-00AA004AE837}”=“Usuga Microsoft SendTo” “{D969A300-E7FF-11d0-A93B-00A0C90F2719}”=“Usuga Microsoft New Object” “{09799AFB-AD67-11d1-ABCD-00C04FC30936}”=“Obsuga menu kontekstowego “Otw˘rz z”” “{3FC0B520-68A9-11D0-8D77-00C04FD70822}”=“Wywietlaj rozszerzenia HTML Panelu sterowania” “{75048700-EF1F-11D0-9888-006097DEACF9}”=“ActiveDesktop” “{6D5313C0-8C62-11D1-B2CD-006097DF8C11}”=“Rozszerzenie strony waciwoci Opcje folder˘w” “{57651662-CE3E-11D0-8D77-00C04FC99D61}”=“CmdFileIcon” “{4657278A-411B-11d2-839A-00C04FD918D0}”=“Pomocnik dla operacji przeciĄgania i upuszczania powoki” “{A470F8CF-A1E8-4f65-8335-227475AA5C46}”=“Dodaj opcj© szyfrowania do menu kontekstowych w Eksploratorze” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{568804CA-CBD7-11d0-9816-00C04FD91972}”=“Folder powoki menu” “{5b4dae26-b807-11d0-9815-00c04fd91972}”=“Pasek menu” “{8278F931-2A3E-11d2-838F-00C04FD918D0}”=“Menu powoki ledzenia” “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}”=“Lokacja menu” “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu menu” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}”=“IPasek folder˘w powoki” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{0E5CBF21-D15F-11d0-8301-00AA005B4383}”="&ťĄcza" “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7487cd30-f71a-11d0-9ea7-00805f714772}”=“Obraz miniatury” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}”=“Miniatury” “{EAB841A0-9550-11CF-8C16-00805F1408F3}”=“Rozpakowywacz miniatur HTML” “{1AEB1360-5AFC-11D0-B806-00C04FD706EC}”=“Rozpakowywacz miniatur filtr˘w graficznych Office” “{9DBD2C50-62AD-11D0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{500202A0-731E-11D0-B829-00C04FD706EC}”=“Obsuga interfejsu miniatur plik˘w typu LNK” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8C-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Darwin App Publisher” “{fe1290f0-cfbd-11cf-a330-00aa00c16e65}”=“Directory Namespace” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{450D8FBA-AD25-11D0-98A8-0800361B1103}”=“MyDocs Folder” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Menu plik˘w trybu offline” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Opcje folderu plik˘w trybu offline” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{BDA77241-42F6-11d0-85E2-00AA001FE28C}”=“LDVP Shell Extensions” “{E0D79304-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79305-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79306-84BE-11CE-9641-444553540000}”=“WinZip” “{E0D79307-84BE-11CE-9641-444553540000}”=“WinZip” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{BDEADF00-C265-11D0-BCED-00A0C90AB50F}”=“Foldery w sieci Web” “{0006F045-0000-0000-C000-000000000046}”=“Microsoft Outlook Custom Icon Handler” “{42042206-2D85-11D3-8CFF-005004838597}”=“Microsoft Office HTML Icon Handler” “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”=“BitDefender Antivirus v8” “{1D2680C9-0E2A-469d-B787-065558BC7D43}”=“Fusion Cache” “{D3796116-94D3-4009-96D7-51578411CC7D}”=“Outpost Shell Extension” “{e82a2d71-5b2f-43a0-97b8-81be15854de8}”=“ShellLink for Application References” “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}”=“Shell Icon Handler for Application References” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: No matches found. Locate .tmp files: C:\WINNT\SYSTEM32\ atmtdd~1.tmp Mon 2006-08-28 11:16:24 A… 0 0,00 K 1 item found: 1 file, 0 directories. Total of file sizes: 0 bytes 0,00 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C: DYSK_C Numer seryjny woluminu: 3C7A-BD16 Katalog: C:\WINNT\System32 2006-08-30 19:52 44˙544 net32a.exe 2006-08-30 19:52 44˙544 .exe 2006-08-18 11:51 2 plik(˘w) 89˙088 bajt˘w 1 katalog(˘w) 2˙450˙116˙608 bajt˘w wolnych

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “ctfmon.exe” [MS] “ccleaner” = ““C:\Program Files\CCleaner\ccleaner.exe” /AUTO” [“CCleaner.com”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “ntdll.dll” = “ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Synchronization Manager” = “mobsync.exe /logon” [MS] “!ewido” = ““C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINNT\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINNT\system32\dfshim.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! NavLogon\DLLName = “C:\WINNT\system32\NavLogon.dll” [“Symantec Corporation”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINNT\Web\Wallpaper\Złote płatki.jpg” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINNT\system32\ssstars.scr” [MS] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] “Picture Package Menu” -> shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe” [“Sony Corporation”] “Picture Package VCD Maker” -> shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h” [“Sony Corporation.”] “Skrót do TASKMGR.EXE” -> shortcut to: “C:\WINNT\system32\TASKMGR.EXE” [MS] Enabled Scheduled Tasks: ------------------------ “Look2Me-Destroyer” -> launches: “C:\PROGRA~1\Wanadoo\Profil1\Look2Me-Destroyer.exe” [“Atribune.org”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: É [file not found], 01 %SystemRoot%\system32\msafd.dll [MS], 02 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, “C:\Program Files\ewido anti-spyware 4.0\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] Symantec AntiVirus, Symantec AntiVirus, ““C:\Program Files\Symantec AntiVirus\Rtvscan.exe”” [“Symantec Corporation”] Symantec AntiVirus Definition Watcher, DefWatch, ““C:\Program Files\Symantec AntiVirus\DefWatch.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]} ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 194 seconds, including 2 seconds for message boxes)

Mam nadzieję że dobrze zrobione, bo ja w tym gąszczu literek, cyferek niestety gubię się.

Bieniol · 30 Sierpień 2006 19:43

Część nadal siedzi

Odpal Konsolę odzyskiwania z CD Windowsa i wpisuj komendy:

CD C:\WINNT\System32

ATTRIB -R-S-H atmtdd~1.tmp

ATTRIB -R-S-H net32a.exe

ATTRIB -R-S-H .exe

DEL atmtdd~1.tmp

DEL net32a.exe

DEL .exe

EXIT

I dajesz nowy log z l2mfix

Lava · 31 Sierpień 2006 08:43

Niestety utknęłam na hasle admina. Nie mam hasła i nie mogę ruszyć dalej, ale będe próbowała dobrać się do niego.

Jak mi się uda wszystko zrobić to wkleje loga.

Mimo pozostałego syfu i tak dzieki Waszej pomocy jest już lepiej.

Gutek · 31 Sierpień 2006 10:50

Pobierz GMER

Otwierasz Gmera >>> przechodzisz do nowej zakładki o nazwie CMD i tutaj w oknie CMD wklej ten zestaw komend::

Przejść do Procesów i opcja Zabij Wszystko. Powrócić do okna CMD i wcisnąć Uruchom

Lava · 31 Sierpień 2006 15:41

Niestety nie tak łatwo

Po rozpakowaniu gmera i otwarciu go resetuje mi się komputer.

Bieniol · 31 Sierpień 2006 16:30

Spróbuj to zrobićw trybie awaryjnym

Oraz wejdź w dziennik zdarzeń:

Start --> uruchom --> eventvwr i zobacz jaki błąd wygenerował GMER