Bardzo prosze o pomoc !!Trojany!!

[Gość: dreamy]

Witam
Mam komputer ktory postanowilam dzisiaj zeskanowac adaware aby sprawdzicczy
nic mi sie tam nie zagniezdzilo!Jednak zaraz jak go uruchomilam i zaczal
prawdzac po kolei foldery, to po prostu znikal obraz,po czym pojawial sie
normalnie pupit bez zadnego uruchomionego programu!Tak wiec wrzcilam spybota
i nim zeskanowalam!Znalazl mi okolo 34 obiektow z wieloma wejsciami.Wiekszosc
z nich usunal,ale czesci ne dal rady. I tak zostaly miedzy innymi:
Network monitor
command service
coolWWWSearch.Leftovers
SurfSideKick
Virtumonde
Oraz kilka w stylu windows Security Center.Antivirus i Fiewall
Po tym zeskanowanie spybotem probowalam znowu uruchomic adawara,ale sytuacja
sie powtarzala jak poprzednio!
Bardzo prsze kogos o pomoc, bo ja juz nie wiem co robic.
A oto moj log z hijaka:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:54 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VXNlcjE\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\User1\Local Settings\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.averatec.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} -
C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
\algs.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\VXNlcjE\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32
\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32
\PAStiSvc.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing)



Pozdrawiam
dreamy

[Gość: Kolobos]

Zamknij porty w wwdc, opis masz w przyklejonym poscie do tego czytasz tam i
wykonujesz: usuwanie look2me, usuwanie uslug, skan ewido.

W meneadzerze zadan zakoncz:
C:\WINDOWS\winlogon.exe
Nie pomyl z plikiem systemowym!

W hjt usun:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*www.yahoo.com/ext/search/
search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*www.yahoo.com/ext/search/
search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.averatec.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} -
C:\Program Files\SurfSideKick 3\SskBho.dll <- katalog SurfSideKick 3 usun z
dysku.
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
\algs.exe <- plik usun z dysku.
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <-
plik usun z dysku.
O4 - HKLM\..\Run: [ms ownage] winPE.exe <- plik usun z dysku,
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe <- i ten
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe <- i ten
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169590.dll <- i ten

Uslugi do kasacji:
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\VXNlcjE\command.exe (file missing) <- katalog VX... usun z dysku.
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing) <- plik usun z dysku, nie pomyl
tylko z systemowym.

Po wszystkim wklej nowy log z hijackthis.

[Gość: dreamy]

1. Sciagnelam sobie wwdc i zamknelam porty.Jedynie UPNP jest na zolto,a reszta
na zielono!
2. W menadzerze zadan nie usunelam tego pliku, bo w kolumnie user name jest
opisany jako system,wiec wole nie ryzykowac.Jesli jednak mam cos zrobic to
czekam na wskazowki :-)
3. Z hjt usunelam wszystko co trzeba,natomiast z usunieciem tych plikow mialam
pewien problem, poniewaz te nazwy sie roznily.Na przyklad
> O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <
> ;- to nie ma takiego pliku, tylko jest spoolsv.exe, a jak by nie bylo, to
nazwa sie juz nie zgadza!
Katalog SurfSideKick 3 zostal usuniety,choc nie od razu.Chyba ktorys ze
skanerow mi w tym pomogl,bo jak recznie probowalam,to nie chcialo zniknac, a
teraz go nie ma!
> O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
> \algs.exe co do tego pliku to znowu nazwa mi sie nie zgadza, bo ja mam
alg.exe
I to chyba na tyle! Adaware juz skanuje, natomiast przy skanowaniu pelnym
znajduje ozne rzeczytakie jak adware.look2me WinAntiVirusPro
RepairRegistryPro. Tego look2me probowalam usunac killboxem,ale nie bardzo mi
to wyszlo,oraz sciagnelam tego destroyera i ten w ogole nie chcial dzialac.
Jak odpalam spybota, to znajduje mi czasem Virtumonde i nastepnie pisze,ze nie
moze usunac c:\windows\system32\h40q0ed5eh0.dll

A do tego jeszcze jak jestem w necie,to co jakis czas same otwieraja mi sie
rozne strony.Co mnie tylko dziwi zadne z sekse, jak to zwykle bywa, lecz jakies
w stylu kasino,czy komorki do kupenia!

To chyba na tyle!Czekam w takim razie na odpowiedz co robic dalej i dziekuje za
dotychczasowe rady!Co my bysmy bez was zrobili....eh:-*

[Gość: Kolobos]

> 1. Sciagnelam sobie wwdc i zamknelam porty.Jedynie UPNP jest na zolto,a
> reszta na zielono!

Tutaj masz o UPNP:
forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38142298
> 2. W menadzerze zadan nie usunelam tego pliku, bo w kolumnie user name
> jest opisany jako system,wiec wole nie ryzykowac.Jesli jednak mam cos
> zrobic to czekam na wskazowki :-)

Wklej nowy log z hjt to zobaczymy co zostalo.

> O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <
> O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
> \algs.exe

Skoro plikow nie ma to nie usuwasz ;-)

> to wyszlo,oraz sciagnelam tego destroyera i ten w ogole nie chcial dzialac.

Uruchom w trybie awaryjnym.

> c:\windows\system32\h40q0ed5eh0.dll

Wyglada na kawalek look2me, wiec narazie sprobuj to co napisalem wyzej.

> A do tego jeszcze jak jestem w necie,to co jakis czas same otwieraja...

Masz look2me wiec nic dziwnego.

[Gość: dreamy]

Mam problem z uruchmieniem trybu awaryjnego,bo to komp z USA,a z tego co wiem
to w nich sie inaczej go wlacza.W kazdym razie probowalam z F8 i F2 i ctrl i
nic nie dziala!

W dodaj usun programy nie znalazlam nic takiego jak UPNP,a poza tym nie bardzo
wiem cz nawet jesli bm znalazla,to cz moge to usunac.Problem jest taki,ze to
komp znajmych i nie chce usunac im nic co moze byc im potrzebne!No ale zlicze
sie na Ciebie :-D

Pousuwalam te pozycje z loga.Ale look2me caly czas aje o sobie znac!! Meczacy
jest on strasznie!

Pozdrawiam
dreamy

[kolobos]

Komputer moze byc i z chin, a i tak tryb awaryjny uruchamia sie przez F8.

> W dodaj usun programy nie znalazlam nic takiego jak UPNP

Jest w skladnikach systemowych, mozna tez wylaczyc usluge w Start->Uruchom-
>Services.msc odszukac tam upnp, wylaczyc i zatrzymac.

> Pousuwalam te pozycje z loga.Ale look2me caly czas aje o sobie znac!!
> Meczacy jest on strasznie!

Wszystkie trzy programy do usuwania nie dzialaja?

[Gość: dreamy]

No tak.Tylko swietnie pamietam,ze moj kumpel mial kompa z usa i u niego tryb
awaryjny uruchamialo sie na 100% przez wcisniecie F2!!No,ale nic!W kazdym razie
na tym moim kompie F8 nie dziala.Pokazuje sie jedynie cos w stylu select first
boot dewice a pozniej HDD CD/DVD i BBS-0 a nie wiedze nigdzie mozliwosci
wrzucenia systemu awaryjnego.

Probowalam z wszystkimi trzema programami.Zaden nie chce mi usunac look2me.Dwa
w ogole nie chca dzialac,a jeden z nich,ten killbox ma niby wyszukiwac
pliki,ale nie moze nic znalexc z look2me.....nie wiem,moze cos zle robie...

pozdrawiam
dreamy

[kolobos]

> W kazdym razie na tym moim kompie F8 nie dziala.Pokazuje sie jedynie cos w
> stylu select first boot dewice a pozniej HDD CD/DVD i BBS-0 a nie wiedze
> nigdzie mozliwosci wrzucenia systemu awaryjnego.

Za wczesnie naciskasz...

> ale nie moze nic znalexc z look2me.....nie wiem,moze cos zle robie...

Wiec moze juz go nie ma.

[Gość: dreamy]

Udalo mi sie juz uruchomic tryb awaryjny!Ale pomimo skanowania przez wszystkie
mozliwe skanery jakie mamy,lacznie z tymi co mialy usunac look2me,nie udalo mi
sie go usunac.Probowalam uzyc tez tego kill....na poczatku on pisze,ze nie mam
look2me,ale proponuje sprawdzenie.Gdy kaze mu sprawdzic,to pisze ze go
usunal,ale on dalej jest.Tak wiec ten tryb awaryjny chyba nic nie pomogl.

A tego portu UPNP dalej nie zamknelam......czytalam na necie jak to zrobic,ale
podaja inna nazwe....cos zaczynajacego sie chyba na d.....teraz nie pamietam
dokladnie....ale moze ty masz jeszcze jakis pomysl?

pozdrawiam
dreamy

[Gość: Kolobos]

Sciagnij:
www.downloads.subratam.org/l2mfix.exe
rozpakuj, uruchom l2mfix.bat, wybierz opcje 1, a log, ktory sie
utworzy wklej na forum.

> A tego portu UPNP dalej nie zamknelam......czytalam na necie jak
> to zrobic,ale podaja inna nazwe....cos zaczynajacego sie chyba na
> d.....teraz nie pamietam dokladnie....ale moze ty masz jeszcze
> jakis pomysl?

Juz Ci napisalem zeby wylaczyc usluge w service.msc mozna tez uzyc tego:
www.grc.com/files/unpnp.exe
Jezeli dalej bedziesz miec z tym problem to juz to zostaw, niech bedzie
wlaczone.

[Gość: dreamy]

oto ten log :-D
pozdrawiam
dreamy



L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp4003hme.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7

[kolobos]

Tak ten, ale sie nie zmiescil, doklej reszte w nastepnym poscie i tak az sie
zmiesci caly.

[kolobos]

Wlacz tryb awaryjny, bez obslugi sieci, uzyj jeszcze raz: Look2Me-Destroyer.exe
I wklej tez log z usuwania: Look2Me-Destroyer.txt

[Gość: dreamy]

Ju to robilam.W trybie awaryjnym probowalam uruchomic tego destroyera,ale jest
to samo co w trybie normalnym.To zaczy na poczatku zaznaczam ten "run..." i on
mi wyswietla komunikat: "look2me-destroyer has detected that the task scheduler
service is not running and will start it now" a nastepnie wyskakuje mi to
okienko co powinno,czyli informujace,ze za minute odpali sie program.I moge
czekac 3 minuty,a nic mi sie nie pokazuje!Gdy wlaczam ponownie ten program,to
droga jestidentyczna jak poprzednio.

A tutaj wklejam loga z L2mfix

L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p66slgj716o.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF

[Gość: dreamy]

ciag dalszy loga


"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
3FB6980118CF}"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
"{309EA188-4A0E-49B5-B041-055F14309998}"=""
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\Mostdfmt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\InprocServer32]
@="C:\\WINDOWS\\system32\\pplstore.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer3

[Gość: dreamy]

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\cirsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\InprocServer32]
@="C:\\WINDOWS\\system32\\crcfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlpmspsv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\InprocServer32]
@="C:\\WINDOWS\\system32\\lgrmonui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\mv4sdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mivcrt40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\InprocServer32]
@="C:\\WINDOWS\\system32\\sudll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\InprocServer32]
@="C:\\WINDOWS\\system32\\bdowsewm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdru.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cpuinf32.dll Thu Jul 13 2006 11:18:34a A.... 9,216 9.00 K
dsmclien.dll Sun Jul 23 2006 2:02:32p ..S.R 236,371 230.83 K
hgdby.dll Thu Jul 13 2006 11:34:20a ..SH. 573,492 560.05 K
kmdru.dll Sun Jul 23 2006 9:40:54p ..S.R 233,680 228.20 K
lv4409~1.dll Sun Jul 23 2006 9:39:50p ..S.R 236,591 231.04 K
lvp209~1.dll Sat Jul 22 2006 6:53:42p ..S.R 234,584 229.09 K
lvr209~1.dll Sun Jul 23 2006 11:31:02p ..S.R 233,680 228.20 K
mplvpx.dll Thu Jul 13 2006 11:18:52a A.... 245,760 240.00 K
mrpmsnsv.dll Sun Jul 23 2006 2:43:50p ..S.R 236,548 231.00 K
msvbvm60.dll Fri Jun 23 2006 9:54:18p A.... 1,385,744 1.32 M
nvtshell.dll Sun Jul 23 2006 1:58:48p ..S.R 235,463 229.94 K
ogg.dll Thu Jul 13 2006 11:39:08a A.... 45,056 44.00 K
oggds.dll Thu Jul 13 2006 11:54:14a A.... 237,568 232.00 K
ouffilt.dll Sun Jul 23 2006 1:52:28p ..S.R 234,584 229.09 K
p66slg~1.dll Sun Jul 23 2006 10:50:00p ..S.R 235,446 229.93 K
pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
qghumeay.dll Thu Jul 13 2006 11:13:32a A.... 0 0.00 K
rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K
sudll.dll Mon Jul 24 2006 11:33:38a ..S.R 235,446 229.93 K
vorbis.dll Thu Jul 13 2006 11:41:40a A.... 188,416 184.00 K
vorbis~1.dll Thu Jul 13 2006 11:51:18a A.... 921,600 900.00 K
wmv9vcm.dll Thu Jul 13 2006 11:37:42a A.... 1,415,680 1.35 M
wsvdmod.dll Sun Jul 23 2006 2:14:18p ..S.R 234,880 229.38 K
xvid.dll Thu Jul 13 2006 11:17:40a A.... 626,688 612.00 K
xvidcore.dll Thu Jul 13 2006 11:17:56a A.... 679,936 664.00 K
xvidvfw.dll Thu Jul 13 2006 11:18:02a A.... 155,648 152.00 K

28 items found: 28 files (12 H/S), 0 directories.
Total of file sizes: 9,520,589 bytes 9.08 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
mcrh.tmp Sun Jul 23 2006 10:48:40p A.... 0 0.00 K
ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 5,613 bytes 5.48 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 682E-1693

Directory of C:\WINDOWS\System32

07/24/2006 11:49 AM 2,872 ybdgh.ini2
07/24/2006 11:33 AM 235,446 sudll.dll
07/23/2006 11:31 PM 233,680 lvr2099oe.dll
07/23/2006 10:49 PM 235,446 p66slgj716o.dll
07/23/2006 09:40 PM 233,680 kmdru.dll
07/23/2006

[Gość: dreamy]

i to juz koncowka
pozdrawiam
dreamy


07/23/2006 09:39 PM 236,591 lv4409hqe.dll
07/23/2006 02:43 PM 236,548 mrpmsnsv.dll
07/23/2006 02:14 PM 234,880 wsvdmod.dll
07/23/2006 02:02 PM 236,371 dsmclien.dll
07/23/2006 01:58 PM 235,463 nvtshell.dll
07/23/2006 01:52 PM 234,584 ouffilt.dll
07/23/2006 01:38 PM 5,613 ybdgh.tmp
07/22/2006 06:53 PM 234,584 lvp2097oe.dll
07/20/2006 09:26 PM 2,507 ybdgh.ini
07/13/2006 11:34 AM 573,492 hgdby.dll
07/09/2006 07:48 AM <DIR> dllcache
03/18/2003 07:58 AM <DIR> Microsoft
15 File(s) 3,171,757 bytes
2 Dir(s) 14,314,938,368 bytes free

[wiewia1]

Ok zrób tak. Wiem że Look2Me-Destroyer.exe ma już wersje poprawioną i nie występuje ten błąd. Ale może..

Zrób tak wejdz najpierw w panel sterowania=>Zaplanowane zadania i wykasuj wszystko co dotyczy Look2Me-Destroyer.exe. Następnie z tej strony ki.gwsh.edu.pl/przemek/download/pliki.htm ściagnij plik Mscomctl.ocx i zapisz go w katalogu c:\windows\sytem32 i restart kompa. Po restarcie sprawdz Look2Me-Destroyer

Do usuwania look2me tez dobry jest ten programik www.f-secure.com/tools/f-look2me.zip wrazie jak destroyera nie uruchomisz

[Gość: dreamy]

tylko mam taki problem,ze menu w tym kompie jest po angielsku,a ja nie zawszedo
konca wiem co jak sie tlumaczy.Rozumiem,ze zaplanowane zadania to jest
scheduled tasks.Wiec jak w to chodze to mam tylko "symantecnot detected" i nic
poza tym!!
zaraz sie wezme za sciagniecie tego pliku i bede dalej robic tak jak piszesz :-D

pozdrawiam
dreamy

[wiewia1]

Sorki pomyliło mi się szukaj do pobrania tego pliku Mswinsck.ocx

[Gość: dreamy]

sciagniecie tego pliku nic nie dalo.Zrestartowalam kompa,a ten program dalej
nie odpala.

[Gość: dreamy]

podobno juz mam taki plik w tym katalogu.Proponuje mi jegozamiane.Co mam zrobic?
Szczerze powiem,ze nie lubie grzebac w katalogach system i system32......czuje
pewien dyskomfort......szczegolnie bioroac pod uwage to,ze to nie moj komp :-/

czekam na dalsze polecenia:-D
pozdrawiam
dreamy

[wiewia1]

To użyj tego f-look2me co podałem link do niego . Bo na usuwanie ręczne i tak muisisz dać nowy log z l2mfix. Poniewaz robiłas restarty kompa i pliki i wpisy napewno się pozmieniały. Po użyciu f-look2me wklej nowy log z l2mfix opcji nr1. Jak coś pomordujemy się ręcznie

[Gość: dreamy]

to drugie tez raczej nic niedalo.Uruchomilam,chwile tam cos posprawdzalo,
napisalo mi,zeznalazlo zainfekowany plik w katalogu system32 o
nazwie "lvr2099oe.dll" i to wszystko.A wedlug mnie to mam duzo wiecej plikow
zainfekowanych.
Czekam na dalsze instrukcje :-P

pozdrawiam
dreamy

[wiewia1]

Coś mam dziś porblemy w połapaniu się w tych postach. Wklejaj log. z l2mfix z opcji nr1. Powalczymy ręcznie

[Gość: dreamy]

A probowalam zrobic tak jak napisales,wejsc w start uruchom i wpisalam te
serwices.msc,ale pisze mi,ze nie moze nic takiego znalezc.
Jeszcze jakies pomysly?? :-D
Pozdrawiam
dreamy

[Gość: dreamy]

sory,juz sie udalo!Literowka!!

[Gość: dreamy]

> Tutaj masz o UPNP:
> forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38142298
Weszlam na te forum,i zaczelam rbic wszystko po kolei jak bylo
napisane,ale.....w dodaj usun programy nie mam nic takiego jak UPNP,ani w
takiej nazwie ani jako skrot (bo tak na prawde nie wiem co to znaczy).Noa,el
nic,weszlam dalej w skladniki systemu windows i uslugi sieciowe,ale tam tez nie
znalazlam zadnego UPNP......Juz koncza mi sie pomysly :-)
Zaczynam miec wrazenie,ze ten trojan zamieszkal tu na dobre :-P

[Gość: dreamy]

a to jeszcze moj hijack

Logfile of HijackThis v1.99.1
Scan saved at 6:16:22 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\User1\Local Settings\Temp\Temporary Directory 2 for
hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.co.uk/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no
file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CAA52E-F6AD-464C-A3CF-ECB6080511C8}:
NameServer = 62.24.128.17 62.24.128.18
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing)

pozdrawiam
dreamy

[Gość: Kolobos]

W hjt usun:
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no
file)
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Usluga do kasacji jak juz pisalem:
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing)

LOG Z l2mfix

[Gość: dreamy]

Zaczelam z nowym tematem,aby bylo latwiej sie polapac w postach!!! Ponizej
wkleje log z l2mfix, natomiast jeszcze taka sprawa,ze ten plik co na samym
poczatku kolobos kazal mi usunac,teraz wyskakuje mi przy wylaczaniu kompa,ze
nie ma tego pliku i ma jakies problemy, i ledwo mi wylacza kompa,to za chwile
sam go wlacza!! Czy to znaczy,ze teraz mam sobie sciagnac ten plik?
Pozdrawiam
dreamy

L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"=

LOG Z l2mfix

[Gość: dreamy]

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
3FB6980118CF}"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
"{309EA188-4A0E-49B5-B041-055F14309998}"=""
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\Mostdfmt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\InprocServer32]
@="C:\\WINDOWS\\system32\\pplstore.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\cirsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
Categories]
@=

LOG Z l2mfix

[Gość: dreamy]

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\InprocServer32]
@="C:\\WINDOWS\\system32\\crcfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlpmspsv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\InprocServer32]
@="C:\\WINDOWS\\system32\\lgrmonui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\mv4sdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mivcrt40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\InprocServer32]
@="C:\\WINDOWS\\system32\\bdowsewm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdru.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bgtsprx3.dll Mon Jul 24 2006 3:26:28p ..S.R 233,680 228.20 K
cpuinf32.dll Thu Jul 13 2006 11:18:34a A.... 9,216 9.00 K
hgdby.dll Thu Jul 13 2006 11:34:20a ..SH. 573,492 560.05 K
m6nq0g~1.dll Mon Jul 24 2006 1:19:28p ..S.R 233,680 228.20 K
mplvpx.dll Thu Jul 13 2006 11:18:52a A.... 245,760 240.00 K
msvbvm60.dll Fri Jun 23 2006 9:54:18p A.... 1,385,744 1.32 M
ogg.dll Thu Jul 13 2006 11:39:08a A.... 45,056 44.00 K
oggds.dll Thu Jul 13 2006 11:54:14a A.... 237,568 232.00 K
pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
qghumeay.dll Thu Jul 13 2006 11:13:32a A.... 0 0.00 K
rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K
vorbis.dll Thu Jul 13 2006 11:41:40a A.... 188,416 184.00 K
vorbis~1.dll Thu Jul 13 2006 11:51:18a A.... 921,600 900.00 K
wmv9vcm.dll Thu Jul 13 2006 11:37:42a A.... 1,415,680 1.35 M
xvid.dll Thu Jul 13 2006 11:17:40a A.... 626,688 612.00 K
xvidcore.dll Thu Jul 13 2006 11:17:56a A.... 679,936 664.00 K
xvidvfw.dll Thu Jul 13 2006 11:18:02a A.... 155,648 152.00 K

19 items found: 19 files (3 H/S), 0 directories.
Total of file sizes: 7,400,676 bytes 7.05 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon Jul 24 2006 10:36:14p A.... 233,979 228.49 K
mcrh.tmp Mon Jul 24 2006 4:09:22p A.... 0 0.00 K
ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

3 items found: 3 files (1 H/S), 0 directories.
Total of file sizes: 239,592 bytes 233.98 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 682E-1693

Directory of C:\WINDOWS\System32

07/25/2006 11:57 AM 2,817 ybdgh.ini2
07/24/2006 04:10 PM 543,415 ybdgh.bak2
07/24/2006 03:26 PM 233,680 bgtsprx3.dll
07/24/2006 01:19 PM 233,680 m6nq0g55e6.dll
07/23/2006 01:38 PM 5,613 ybdgh.tmp
07/20/2006 09:26 PM 2,507 ybdgh.ini
07/13/2006 11:34 AM 573,492 hgdby.dll
07/09/2006 07:48 AM <DIR> dllcache
03/18/2003 07:58 AM <DIR> Microsoft
7 File(s) 1,595,204 bytes
2 Dir(s) 14,235,484,160 bytes free

[wiewia1]

Ściagasz program Gmer www.gmer.net/ Zapisujesz go koniecznie na dysku C:\ i przejdz do zakładki CMD i wklej to

CD C:\WINDOWS\System32
ATTRIB -R -S -H hgdby.dll
ATTRIB -R -S -H Mostdfmt.dll
ATTRIB -R -S -H pplstore.dll
ATTRIB -R -S -H cirsrv.dll
ATTRIB -R -S -H crcfg32.dll
ATTRIB -R -S -H mlpmspsv.dll
ATTRIB -R -S -H lgrmonui.dll
ATTRIB -R -S -H mv4sdmod.dll
ATTRIB -R -S -H mivcrt40.dll
ATTRIB -R -S -H bdowsewm.dll
ATTRIB -R -S -H kmdru.dll
ATTRIB -R -S -H gtsprx3.dll
ATTRIB -R -S -H cpuinf32.dll
ATTRIB -R -S -H mplvpx.dll
ATTRIB -R -S -H msvbvm60.dll
ATTRIB -R -S -H ogg.dll
ATTRIB -R -S -H oggds.dll
ATTRIB -R -S -H qghumeay.dll
ATTRIB -R -S -H vorbis.dll
ATTRIB -R -S -H vorbis~1.dll
ATTRIB -R -S -H wmv9vcm.dll
ATTRIB -R -S -H xvid.dll
ATTRIB -R -S -H xvidcore.dll
ATTRIB -R -S -H xvidvfw.dll
ATTRIB -R -S -H bgtsprx3.dll
ATTRIB -R -S -H m6nq0g55e6.dll
DEL hgdby.dll
DEL Mostdfmt.dll
DEL pplstore.dll
DEL cirsrv.dll
DEL crcfg32.dll
DEL mlpmspsv.dll
DEL lgrmonui.dll
DEL mv4sdmod.dll
DEL mivcrt40.dll
DEL bdowsewm.dll
DEL kmdru.dll
DEL gtsprx3.dll
DEL cpuinf32.dll
DEL mplvpx.dll
DEL msvbvm60.dll
DEL ogg.dll
DEL oggds.dll
DEL qghumeay.dll
DEL vorbis.dll
DEL vorbis~1.dll
DEL wmv9vcm.dll
DEL xvid.dll
DEL xvidcore.dll
DEL xvidvfw.dll
DEL bgtsprx3.dll
DEL m6nq0g55e6.dll
DEL guard.tmp
DEL mcrh.tmp
DEL ybdgh.ini2
DEL ybdgh.bak2
DEL ybdgh.tmp
DEL ybdgh.ini

Następnie zaznacz REGEDIT i wklej to

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
"{309EA188-4A0E-49B5-B041-055F14309998}"=-
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

[-HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]

[-HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]

[-HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]

[-HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]

[-HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]

[-HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]

[-HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]

[-HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]

[-HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]

[-HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]

[-HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]

[-HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]

Następnie wróc do zakładki procesy Wybierz funkcje ZABIJ WSZYSTKO. Powrót do zakładki cmd I dajesz uruchom zarówno dla CDM i REGEDIT z osobna. Powrót do zakładki procesy i restart. Jeśli Gmer się zawiesi zobacz opcje awaryjny w zakładce procesy. I ponownie wklep komendy.

[wiewia1]

A po wszystkim daj nowy log z programu l2mfix z opcji nr1

[Gość: dreamy]

Zrobilam wszystko tak jak mialam zrobic,ale po nacisnieciu restart,nic sie nie
zmienilo.Wiec zamknelam okno tego programu i musialam wyjac baterie z kompa,aby
chcial mi sie wylaczyc.W kazdym razie wklejam log

L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

[wiewia1]

Fix-y do rejestru musiały się złamać więc dlatego pewno nie weszły .Ale nic nie jest żle wklej teraz do zakładki CMD to

CD C:\WINDOWS\System32
ATTRIB -R -S -H hgdby.dll
DEL hgdby.dll
DEL ybdgh.tmp
DEL ybdgh.ini2
DEL ybdgh.ini
DEL ybdgh.bak2

W zakładke regedit wklej to

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved]
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
"{309EA188-4A0E-49B5-B041-055F14309998}"=-
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

Reszta procedura ta sama i wklej log nowy.

[Gość: dreamy]

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
3FB6980118CF}"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
"{309EA188-4A0E-49B5-B041-055F14309998}"=""
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

[Gość: dreamy]

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 448,512 bytes 438.00 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 5,613 bytes 5.48 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 682E-1693

Directory of C:\WINDOWS\System32

07/25/2006 07:43 PM 3,329 ybdgh.ini2
07/24/2006 04:10 PM 543,415 ybdgh.bak2
07/23/2006 01:38 PM 5,613 ybdgh.tmp
07/20/2006 09:26 PM 2,507 ybdgh.ini
07/09/2006 07:48 AM <DIR> dllcache
03/18/2003 07:58 AM <DIR> Microsoft
4 File(s) 554,864 bytes
2 Dir(s) 14,038,708,224 bytes free




Pozdrawiam
dreamy

[wiewia1]

Sorki odpowiedz masz wyżej znowu sie troche pomyliło. Poprawie się

[Gość: dreamy]

L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

[Gość: dreamy]

ciag dalszy loga

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
3FB6980118CF}"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
"{309EA188-4A0E-49B5-B041-055F14309998}"=""
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

[Gość: dreamy]

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 448,512 bytes 438.00 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 5,613 bytes 5.48 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 682E-1693

Directory of C:\WINDOWS\System32

07/25/2006 07:43 PM 3,329 ybdgh.ini2
07/24/2006 04:10 PM 543,415 ybdgh.bak2
07/23/2006 01:38 PM 5,613 ybdgh.tmp
07/20/2006 09:26 PM 2,507 ybdgh.ini
07/09/2006 07:48 AM <DIR> dllcache
03/18/2003 07:58 AM <DIR> Microsoft
4 File(s) 554,864 bytes
2 Dir(s) 14,036,328,448 bytes free

[wiewia1]

No nic trzeba tłuc dalej wklej do zakładki CMD teraz to

CD C:\WINDOWS\System32
ATTRIB -R -S -H hgdby.dll
DEL hgdby.dll
DEL ybdgh.tmp
DEL ybdgh.ini2
DEL ybdgh.ini
DEL ybdgh.bak2

W zakładke regedit wklej

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\hgdby]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
"{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
"{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
"{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
"{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
"{309EA188-4A0E-49B5-B041-055F14309998}"=-
"{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
"{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
"{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
"{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
"{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
"{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

Porocedura ta sama coś fix-y do rejetsru nie wchodzą. Moze bład w odstępach jest zobacz teraz. Czy problem się troche zmienił czy dalej wystepuje.Po wszytstkim znowu mowy log

[Gość: dreamy]

No,brawo,jakis sukces!Od razu zrestartowalo mi kompa!! Hehe A o to moj log

L2MFIX find log 051206
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hgdby]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

[Gość: dreamy]

cd..

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
3FB6980118CF}"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"

[Gość: dreamy]

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 448,512 bytes 438.00 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 5,613 bytes 5.48 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 682E-1693

Directory of C:\WINDOWS\System32

07/25/2006 07:43 PM 3,329 ybdgh.ini2
07/24/2006 04:10 PM 543,415 ybdgh.bak2
07/23/2006 01:38 PM 5,613 ybdgh.tmp
07/20/2006 09:26 PM 2,507 ybdgh.ini
07/09/2006 07:48 AM <DIR> dllcache
03/18/2003 07:58 AM <DIR> Microsoft
4 File(s) 554,864 bytes
2 Dir(s) 14,035,042,304 bytes free

[wiewia1]

Dobra jest ok. Look2me nie ma Wiem już dlaczego nie wchodzi ten fix. Tam tych plików nie usuwamy. Jakiś program musi je wkładac po restarcie u ciebie z powrotem albo wgrany soft
Wpisz w uruchom regedit i przejdz do klucza i wykasuj z prawokliku myszki

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

Jak sytuacja z kompem poprawiła się. Wklej loga z Hijackthis do kontroli . Z l2mfix już nie wklejaj.

[Gość: dreamy]

nie zrozumialam polecenia.Uruchomilam tego regetid i co dalej?Jest tam kilka
kluczy tych HKEY....i co teraz?

[wiewia1]

REGEDIT i OK

Rozwijaj pokolei klucze az przejdziesz do tego i wkasuj go prawym myszy

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

Jak nie. to zrób tak otwórz notanik wi kwlej w nim to

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

Następnie plik=>zapisz jako zmień rozszerzenie z txt na wszystkie pliki i zapisz pod nazwą fix.reg Kliknij dwa razy lewym myszy na zrobiony fix i restart kompa. Melduj o sytuacji w systemie

[Gość: dreamy]

Mam problem z uruchomieniem Hijackthis.....gdy go odpalam podaje mi
komunikat: "This application has failed to start because MSVBVM60.DLL was not
found. I napisal ze nalezy jeszczeraz to zainstalowac.Tylko ze sciagnelam nowy
program z netu i sytuacja sie powtorzyla!Wczesniejsze polecenia wkonalam!

Pozdrawiam
dreamy

[wiewia1]

Ściągnij ten plik z tego linku www.dll-files.com/dllindex/dll-files.shtml?msvbvm60 i zapisz go do C:\WINDOWS\System32

[Gość: dreamy]

ten sam problem sie powtarza!Moze ten plik trzeba wrzucic do innego katalogu?

[wiewia1]

Jak go ściągnełaś i zapisałaś w tej ścieżce co podałem To wklej w uruchom to

regsvr32 C:\WINDOWS\System32\MSVBVM60.dll

I restart kompa

[Gość: dreamy]

Nie wiem,moze jest juz dla mnie z pozno,ale znowu nie zrozumialam polecenia!!!
Mozna prosic o sprecyzowanie ?

[wiewia1]

Plik masz już na dysku w katalogu C:\WINDOWS\System32

Teraz trzeba go zarejestrować wklej takie polecenie w Start=>uruchom

regsvr32 MSVBVM60.dll

I restart systemu. Tamto pierwsze jest złe. Zastosuj to. Niechcący ten plik poleciał przy usuwaniu.

[Gość: dreamy]

nie przyjmuje mi tej nazwy.Podaje ja pelna czyli "regsvr32 MSVBVM60.dll" lub i
czesciowo.Za kazdym razem nie przyjmuje. poza tym jak sciagnelam ten plik z
netu do system32 to jest to plik zzipowany,wiec chyba powinnam go
rozzipowac....?
pozdrawiam
dreamy

[wiewia1]

No tak koniecznie i wypakuj go do tej ścieżki i ponownie rejestruj.

[Gość: dreamy]

Jakis dziwnie krotki....ale jest!

Logfile of HijackThis v1.99.1
Scan saved at 10:18:19 PM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User1\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {B204DC68-03EE-4D08-B42D-8109704D5719} -
C:\WINDOWS\System32\hgdby.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing)

[wiewia1]

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {B204DC68-03EE-4D08-B42D-8109704D5719} -
C:\WINDOWS\System32\hgdby.dll (file missing)

Usuń ten wpis w hijackthis poleceniem fixchecked Po za tym jest Ok Log czysty

Zrób jeszcze tak. Włóż płyte do napędu cd systemem Windows Xp i wklej w Start=> uruchom takie polecenie

sfc /scannow

i ok. sprawdzi ci pliki systemowe .dll

[wiewia1]

Jeszcze usłaga została do kasacji.

Wejdz w panel sterowania=>Narzędzia administarcyjne=>usłigi i wyszukaj usługi Service: Windows Process Viewer Klikasz dwa razy lewym myszy zatrzymujesz ją i ustawiasz status na wyłączony.
i usuwasz plik z dysku C:\WINDOWS\winlogon.exe tylko taka sciezke w inną nie wchodzisz

[Gość: dreamy]

Co do tej uslugi,to byla ona wylaczona! A ten plik winlogon.exe to w katalogu
Windows nie znalazlam go,natomiast siedzi on w "system32" i z innym
rozszerzeniem w "prefetch".
Ogolnie zeskanowalam kompa adaware i spybot,zaden nic nie znalazl,wiec moge z
wielkim usmiechem podziekaowac Tobie za pomoc!! Co my laicy zrobilibysmy bez
Was!!! Fajnie ze jest takie forum i ze sa ludzie ktorzy tak bezinteresownie
pomagaja!! Po prostu wielki uklon w Wasza strone!!!

Mam jeszcze na koniec takie pytanie.....bo nie bardzo moge znalezc zadnych
antywirow(poza ewido) i firewalli ....i chcialam wiedziec czy dobrze zrobie jak
wgram jutro avasta i na przyklad Agnitum Outpost Firewall.....bo na swoich
kompach mam avasta i jestem bardzo zadowolona,a z tego firewalla bylam
zadowolona jak korzystalam.Czy to jest potrzebne na tym kompie,czy moze widzisz
jakiegos innego firewalla ktory jakims dziwnym trafem jest dla mnie nie
widoczny....

Jeszcze raz wielkie dzieki!!!!!!!!!!!!! :-D
Podrawiam
dreamy

[wiewia1]

Z usługą mozesz zrobić tak. Wejdz w Hijacthis następnie wybierz opcje "open the misc tools section" Potem wejdz "delete an NT service... i w okienko wklej to The Windows Process Viewer Ok i restart kompa usługa powinna wynieść sie na dobre. Apliku nie ma tak. A przy wyszukiwaniu miałaś w opcjach folderów=>Widok=>zaznaczona opcja pokaż ukryte pliki i systemowe. Jak nie to zrób tak i poszukaj. Tamte innne winlogon cię nie interesują

Awast Ok i zainstaluj sobie Kerio firewalla konfiguracja i opis tu forum.dobreprogramy.pl/viewtopic.php?t=35065 no i przedewszytskim zainstaluj SP2 no i trzynaj sie zdala od wirusów

Pozdrawiam Wiewia

[Gość: dreamy]

z hijackthisa dostalam,ze nie ma takiej uslugi,zebym sprawdzila jej poprawnosc!

Pozdrawiam
dreamy