Dodaj do ulubionych

Bardzo prosze o pomoc !!Trojany!!

IP: 84.13.13.* 22.07.06, 13:45
Witam
Mam komputer ktory postanowilam dzisiaj zeskanowac adaware aby sprawdzicczy
nic mi sie tam nie zagniezdzilo!Jednak zaraz jak go uruchomilam i zaczal
prawdzac po kolei foldery, to po prostu znikal obraz,po czym pojawial sie
normalnie pupit bez zadnego uruchomionego programu!Tak wiec wrzcilam spybota
i nim zeskanowalam!Znalazl mi okolo 34 obiektow z wieloma wejsciami.Wiekszosc
z nich usunal,ale czesci ne dal rady. I tak zostaly miedzy innymi:
Network monitor
command service
coolWWWSearch.Leftovers
SurfSideKick
Virtumonde
Oraz kilka w stylu windows Security Center.Antivirus i Fiewall
Po tym zeskanowanie spybotem probowalam znowu uruchomic adawara,ale sytuacja
sie powtarzala jak poprzednio!
Bardzo prsze kogos o pomoc, bo ja juz nie wiem co robic.
A oto moj log z hijaka:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:54 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VXNlcjE\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\User1\Local Settings\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.averatec.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} -
C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
\algs.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\VXNlcjE\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32
\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32
\PAStiSvc.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
owner - C:\WINDOWS\winlogon.exe (file missing)



Pozdrawiam
dreamy
Obserwuj wątek
    • Gość: Kolobos Re: Bardzo prosze o pomoc !!Trojany!! IP: *.warszawa.sdi.tpnet.pl 22.07.06, 13:55
      Zamknij porty w wwdc, opis masz w przyklejonym poscie do tego czytasz tam i
      wykonujesz: usuwanie look2me, usuwanie uslug, skan ewido.

      W meneadzerze zadan zakoncz:
      C:\WINDOWS\winlogon.exe
      Nie pomyl z plikiem systemowym!

      W hjt usun:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*www.yahoo.com/ext/search/
      search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*www.yahoo.com/ext/search/
      search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*www.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      www.averatec.com/
      R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} -
      C:\Program Files\SurfSideKick 3\SskBho.dll <- katalog SurfSideKick 3 usun z
      dysku.
      O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
      O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
      \algs.exe <- plik usun z dysku.
      O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <-
      plik usun z dysku.
      O4 - HKLM\..\Run: [ms ownage] winPE.exe <- plik usun z dysku,
      O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe <- i ten
      O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe <- i ten
      O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
      O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
      O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
      O20 - AppInit_DLLs: repairs303169590.dll <- i ten

      Uslugi do kasacji:
      O23 - Service: Command Service (cmdService) - Unknown owner -
      C:\WINDOWS\VXNlcjE\command.exe (file missing) <- katalog VX... usun z dysku.
      O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
      owner - C:\WINDOWS\winlogon.exe (file missing) <- plik usun z dysku, nie pomyl
      tylko z systemowym.

      Po wszystkim wklej nowy log z hijackthis.
      • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.252.* 22.07.06, 19:14
        1. Sciagnelam sobie wwdc i zamknelam porty.Jedynie UPNP jest na zolto,a reszta
        na zielono!
        2. W menadzerze zadan nie usunelam tego pliku, bo w kolumnie user name jest
        opisany jako system,wiec wole nie ryzykowac.Jesli jednak mam cos zrobic to
        czekam na wskazowki :-)
        3. Z hjt usunelam wszystko co trzeba,natomiast z usunieciem tych plikow mialam
        pewien problem, poniewaz te nazwy sie roznily.Na przyklad
        > O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <
        > ;- to nie ma takiego pliku, tylko jest spoolsv.exe, a jak by nie bylo, to
        nazwa sie juz nie zgadza!
        Katalog SurfSideKick 3 zostal usuniety,choc nie od razu.Chyba ktorys ze
        skanerow mi w tym pomogl,bo jak recznie probowalam,to nie chcialo zniknac, a
        teraz go nie ma!
        > O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
        > \algs.exe co do tego pliku to znowu nazwa mi sie nie zgadza, bo ja mam
        alg.exe
        I to chyba na tyle! Adaware juz skanuje, natomiast przy skanowaniu pelnym
        znajduje ozne rzeczytakie jak adware.look2me WinAntiVirusPro
        RepairRegistryPro. Tego look2me probowalam usunac killboxem,ale nie bardzo mi
        to wyszlo,oraz sciagnelam tego destroyera i ten w ogole nie chcial dzialac.
        Jak odpalam spybota, to znajduje mi czasem Virtumonde i nastepnie pisze,ze nie
        moze usunac c:\windows\system32\h40q0ed5eh0.dll

        A do tego jeszcze jak jestem w necie,to co jakis czas same otwieraja mi sie
        rozne strony.Co mnie tylko dziwi zadne z sekse, jak to zwykle bywa, lecz jakies
        w stylu kasino,czy komorki do kupenia!

        To chyba na tyle!Czekam w takim razie na odpowiedz co robic dalej i dziekuje za
        dotychczasowe rady!Co my bysmy bez was zrobili....eh:-*
        • Gość: Kolobos Re: Bardzo prosze o pomoc !!Trojany!! IP: *.warszawa.sdi.tpnet.pl 22.07.06, 19:34
          > 1. Sciagnelam sobie wwdc i zamknelam porty.Jedynie UPNP jest na zolto,a
          > reszta na zielono!

          Tutaj masz o UPNP:
          forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38142298
          > 2. W menadzerze zadan nie usunelam tego pliku, bo w kolumnie user name
          > jest opisany jako system,wiec wole nie ryzykowac.Jesli jednak mam cos
          > zrobic to czekam na wskazowki :-)

          Wklej nowy log z hjt to zobaczymy co zostalo.

          > O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe <
          > O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
          > \algs.exe

          Skoro plikow nie ma to nie usuwasz ;-)

          > to wyszlo,oraz sciagnelam tego destroyera i ten w ogole nie chcial dzialac.

          Uruchom w trybie awaryjnym.

          > c:\windows\system32\h40q0ed5eh0.dll

          Wyglada na kawalek look2me, wiec narazie sprobuj to co napisalem wyzej.

          > A do tego jeszcze jak jestem w necie,to co jakis czas same otwieraja...

          Masz look2me wiec nic dziwnego.
          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.50.* 22.07.06, 20:11
            Mam problem z uruchmieniem trybu awaryjnego,bo to komp z USA,a z tego co wiem
            to w nich sie inaczej go wlacza.W kazdym razie probowalam z F8 i F2 i ctrl i
            nic nie dziala!

            W dodaj usun programy nie znalazlam nic takiego jak UPNP,a poza tym nie bardzo
            wiem cz nawet jesli bm znalazla,to cz moge to usunac.Problem jest taki,ze to
            komp znajmych i nie chce usunac im nic co moze byc im potrzebne!No ale zlicze
            sie na Ciebie :-D

            Pousuwalam te pozycje z loga.Ale look2me caly czas aje o sobie znac!! Meczacy
            jest on strasznie!

            Pozdrawiam
            dreamy
            • kolobos Re: Bardzo prosze o pomoc !!Trojany!! 22.07.06, 21:07
              Komputer moze byc i z chin, a i tak tryb awaryjny uruchamia sie przez F8.

              > W dodaj usun programy nie znalazlam nic takiego jak UPNP

              Jest w skladnikach systemowych, mozna tez wylaczyc usluge w Start->Uruchom-
              >Services.msc odszukac tam upnp, wylaczyc i zatrzymac.

              > Pousuwalam te pozycje z loga.Ale look2me caly czas aje o sobie znac!!
              > Meczacy jest on strasznie!

              Wszystkie trzy programy do usuwania nie dzialaja?
              • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.43.* 23.07.06, 13:06
                No tak.Tylko swietnie pamietam,ze moj kumpel mial kompa z usa i u niego tryb
                awaryjny uruchamialo sie na 100% przez wcisniecie F2!!No,ale nic!W kazdym razie
                na tym moim kompie F8 nie dziala.Pokazuje sie jedynie cos w stylu select first
                boot dewice a pozniej HDD CD/DVD i BBS-0 a nie wiedze nigdzie mozliwosci
                wrzucenia systemu awaryjnego.

                Probowalam z wszystkimi trzema programami.Zaden nie chce mi usunac look2me.Dwa
                w ogole nie chca dzialac,a jeden z nich,ten killbox ma niby wyszukiwac
                pliki,ale nie moze nic znalexc z look2me.....nie wiem,moze cos zle robie...

                pozdrawiam
                dreamy
                • kolobos Re: Bardzo prosze o pomoc !!Trojany!! 23.07.06, 15:38
                  > W kazdym razie na tym moim kompie F8 nie dziala.Pokazuje sie jedynie cos w
                  > stylu select first boot dewice a pozniej HDD CD/DVD i BBS-0 a nie wiedze
                  > nigdzie mozliwosci wrzucenia systemu awaryjnego.

                  Za wczesnie naciskasz...

                  > ale nie moze nic znalexc z look2me.....nie wiem,moze cos zle robie...

                  Wiec moze juz go nie ma.


                  • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.144.* 23.07.06, 16:10
                    Udalo mi sie juz uruchomic tryb awaryjny!Ale pomimo skanowania przez wszystkie
                    mozliwe skanery jakie mamy,lacznie z tymi co mialy usunac look2me,nie udalo mi
                    sie go usunac.Probowalam uzyc tez tego kill....na poczatku on pisze,ze nie mam
                    look2me,ale proponuje sprawdzenie.Gdy kaze mu sprawdzic,to pisze ze go
                    usunal,ale on dalej jest.Tak wiec ten tryb awaryjny chyba nic nie pomogl.

                    A tego portu UPNP dalej nie zamknelam......czytalam na necie jak to zrobic,ale
                    podaja inna nazwe....cos zaczynajacego sie chyba na d.....teraz nie pamietam
                    dokladnie....ale moze ty masz jeszcze jakis pomysl?

                    pozdrawiam
                    dreamy
                    • Gość: Kolobos Re: Bardzo prosze o pomoc !!Trojany!! IP: *.warszawa.sdi.tpnet.pl 23.07.06, 17:01
                      Sciagnij:
                      www.downloads.subratam.org/l2mfix.exe
                      rozpakuj, uruchom l2mfix.bat, wybierz opcje 1, a log, ktory sie
                      utworzy wklej na forum.

                      > A tego portu UPNP dalej nie zamknelam......czytalam na necie jak
                      > to zrobic,ale podaja inna nazwe....cos zaczynajacego sie chyba na
                      > d.....teraz nie pamietam dokladnie....ale moze ty masz jeszcze
                      > jakis pomysl?

                      Juz Ci napisalem zeby wylaczyc usluge w service.msc mozna tez uzyc tego:
                      www.grc.com/files/unpnp.exe
                      Jezeli dalej bedziesz miec z tym problem to juz to zostaw, niech bedzie
                      wlaczone.
                      • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.28.* 23.07.06, 19:44
                        oto ten log :-D
                        pozdrawiam
                        dreamy



                        L2MFIX find log 051206
                        These are the registry keys present
                        ********************************************************************************
                        **
                        Winlogon/notify:
                        Windows Registry Editor Version 5.00

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                        NT\CurrentVersion\Winlogon\Notify]

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                        NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
                        "Asynchronous"=dword:00000000
                        "DllName"="C:\\WINDOWS\\system32\\fp4003hme.dll"
                        "Impersonate"=dword:00000000
                        "Logon"="WinLogon"
                        "Logoff"="WinLogoff"
                        "Shutdown"="WinShutdown"

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                        NT\CurrentVersion\Winlogon\Notify\hgdby]
                        "Asynchronous"=dword:00000001
                        "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
                        "Impersonate"=dword:00000000
                        "Startup"="SysLogon"
                        "Logoff"="SysLogoff"

                        ********************************************************************************
                        **
                        useragent:
                        Windows Registry Editor Version 5.00

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
                        Settings\User Agent\Post Platform]
                        "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

                        ********************************************************************************
                        **
                        Shell Extension key:
                        Windows Registry Editor Version 5.00

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
                        Extensions\Approved]
                        "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
                        "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
                        "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
                        "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
                        "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
                        "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
                        "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
                        "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
                        "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
                        "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
                        "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
                        "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
                        "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
                        "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
                        Windows Network objects"
                        "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
                        "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
                        "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
                        "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
                        "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
                        "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
                        "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
                        "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
                        "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
                        "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
                        "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
                        "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
                        "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
                        "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
                        "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
                        "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
                        "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
                        "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
                        "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
                        "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
                        "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
                        "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
                        "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
                        "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
                        Host"
                        "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
                        "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
                        "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
                        "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
                        "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
                        "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
                        "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                        "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                        "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
                        "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
                        "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
                        "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
                        "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
                        "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
                        "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
                        "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
                        "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
                        "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
                        "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
                        "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
                        "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
                        "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
                        "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
                        "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
                        "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
                        "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
                        "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
                        "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
                        "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
                        "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
                        "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
                        "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
                        "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
                        "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
                        "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
                        "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
                        "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
                        "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
                        "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
                        "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
                        "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
                        List"
                        "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
                        Container"
                        "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
                        "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
                        "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
                        "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
                        "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
                        "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
                        "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
                        "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
                        "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
                        "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
                        "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
                        "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
                        "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
                        "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                        "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                        "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
                        "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
                        "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
                        "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
                        "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
                        "{3DC7
                          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 89.240.224.* 24.07.06, 12:53
                            Ju to robilam.W trybie awaryjnym probowalam uruchomic tego destroyera,ale jest
                            to samo co w trybie normalnym.To zaczy na poczatku zaznaczam ten "run..." i on
                            mi wyswietla komunikat: "look2me-destroyer has detected that the task scheduler
                            service is not running and will start it now" a nastepnie wyskakuje mi to
                            okienko co powinno,czyli informujace,ze za minute odpali sie program.I moge
                            czekac 3 minuty,a nic mi sie nie pokazuje!Gdy wlaczam ponownie ten program,to
                            droga jestidentyczna jak poprzednio.

                            A tutaj wklejam loga z L2mfix

                            L2MFIX find log 051206
                            These are the registry keys present
                            ********************************************************************************
                            **
                            Winlogon/notify:
                            Windows Registry Editor Version 5.00

                            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                            NT\CurrentVersion\Winlogon\Notify]

                            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                            NT\CurrentVersion\Winlogon\Notify\Explorer]
                            "Asynchronous"=dword:00000000
                            "DllName"="C:\\WINDOWS\\system32\\p66slgj716o.dll"
                            "Impersonate"=dword:00000000
                            "Logon"="WinLogon"
                            "Logoff"="WinLogoff"
                            "Shutdown"="WinShutdown"

                            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                            NT\CurrentVersion\Winlogon\Notify\hgdby]
                            "Asynchronous"=dword:00000001
                            "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
                            "Impersonate"=dword:00000000
                            "Startup"="SysLogon"
                            "Logoff"="SysLogoff"

                            ********************************************************************************
                            **
                            useragent:
                            Windows Registry Editor Version 5.00

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
                            Settings\User Agent\Post Platform]
                            "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

                            ********************************************************************************
                            **
                            Shell Extension key:
                            Windows Registry Editor Version 5.00

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
                            Extensions\Approved]
                            "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
                            "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
                            "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
                            "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
                            "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
                            "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
                            "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
                            "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
                            "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
                            "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
                            "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
                            "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
                            "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
                            "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
                            Windows Network objects"
                            "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
                            "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
                            "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
                            "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
                            "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
                            "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
                            "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
                            "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
                            "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
                            "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
                            "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
                            "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
                            "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
                            "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
                            "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
                            "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
                            "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
                            "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
                            "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
                            "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
                            "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
                            "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
                            "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
                            "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
                            Host"
                            "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
                            "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
                            "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
                            "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
                            "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
                            "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
                            "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                            "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                            "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
                            "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
                            "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
                            "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
                            "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
                            "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
                            "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
                            "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
                            "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
                            "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
                            "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
                            "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
                            "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
                            "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
                            "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
                            "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
                            "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
                            "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
                            "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
                            "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
                            "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
                            "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
                            "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
                            "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
                            "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
                            "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
                            "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
                            "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
                            "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
                            "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
                            "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
                            "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
                            "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
                            List"
                            "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
                            Container"
                            "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
                            "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
                            "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
                            "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
                            "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
                            "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
                            "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
                            "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
                            "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
                            "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
                            "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
                            "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
                            "{FF393560-C2A7-11CF
                          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 89.240.224.* 24.07.06, 12:57
                            ciag dalszy loga


                            "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
                            "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                            "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                            "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
                            "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
                            "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
                            "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
                            "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
                            "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
                            "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
                            "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
                            "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                            "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                            "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
                            "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
                            "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
                            "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
                            "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
                            "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
                            "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
                            "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
                            "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
                            "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
                            "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
                            "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
                            "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
                            "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
                            "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
                            "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
                            "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
                            "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
                            (DOCFILES)"
                            "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
                            "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
                            "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
                            "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
                            "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
                            "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
                            "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
                            "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
                            Handler"
                            "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
                            Target"
                            "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
                            "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
                            "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
                            "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
                            "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
                            "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
                            "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
                            "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
                            Control"
                            "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
                            Control"
                            "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
                            Combo Control"
                            "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
                            Control"
                            "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
                            Control"
                            "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
                            "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
                            "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
                            "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
                            "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
                            "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
                            "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
                            "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
                            "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
                            "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
                            "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
                            "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
                            "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
                            Sheet Handler"
                            "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
                            "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
                            "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
                            "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
                            "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
                            "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
                            Context Menu Handler"
                            "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
                            Context Menu Handler"
                            "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
                            Context Menu Handler"
                            "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
                            "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
                            "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
                            "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
                            "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
                            "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
                            "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
                            B43203AB3CC0}"
                            "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
                            3FB6980118CF}"
                            "{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
                            "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
                            "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
                            "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
                            "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
                            "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
                            "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
                            "{309EA188-4A0E-49B5-B041-055F14309998}"=""
                            "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
                            "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
                            "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
                            "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
                            "{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
                            "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
                            "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

                            ********************************************************************************
                            **
                            HKEY ROOT CLASSIDS:
                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]
                            @=""
                            "IDEx"="ADDR"

                            [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\Mostdfmt.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]
                            @=""
                            "IDEx"="ADDR"

                            [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\pplstore.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]
                            @=""
                            "IDEx"="ADDR"

                            [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer3
                          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 89.240.224.* 24.07.06, 13:01
                            [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\cirsrv.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\crcfg32.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\mlpmspsv.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\guard.tmp"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]
                            @=""
                            "IDEx"="AD"

                            [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\lgrmonui.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]
                            @=""
                            "IDEx"="ADDR"

                            [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\mv4sdmod.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]
                            @=""
                            "IDEx"="AD"

                            [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\mivcrt40.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\sudll.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\bdowsewm.dll"
                            "ThreadingModel"="Apartment"

                            Windows Registry Editor Version 5.00

                            [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
                            Categories]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
                            Categories\{00021492-0000-0000-C000-000000000046}]
                            @=""

                            [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\InprocServer32]
                            @="C:\\WINDOWS\\system32\\kmdru.dll"
                            "ThreadingModel"="Apartment"

                            ********************************************************************************
                            **
                            Files Found are not all bad files:

                            C:\WINDOWS\SYSTEM32\
                            cpuinf32.dll Thu Jul 13 2006 11:18:34a A.... 9,216 9.00 K
                            dsmclien.dll Sun Jul 23 2006 2:02:32p ..S.R 236,371 230.83 K
                            hgdby.dll Thu Jul 13 2006 11:34:20a ..SH. 573,492 560.05 K
                            kmdru.dll Sun Jul 23 2006 9:40:54p ..S.R 233,680 228.20 K
                            lv4409~1.dll Sun Jul 23 2006 9:39:50p ..S.R 236,591 231.04 K
                            lvp209~1.dll Sat Jul 22 2006 6:53:42p ..S.R 234,584 229.09 K
                            lvr209~1.dll Sun Jul 23 2006 11:31:02p ..S.R 233,680 228.20 K
                            mplvpx.dll Thu Jul 13 2006 11:18:52a A.... 245,760 240.00 K
                            mrpmsnsv.dll Sun Jul 23 2006 2:43:50p ..S.R 236,548 231.00 K
                            msvbvm60.dll Fri Jun 23 2006 9:54:18p A.... 1,385,744 1.32 M
                            nvtshell.dll Sun Jul 23 2006 1:58:48p ..S.R 235,463 229.94 K
                            ogg.dll Thu Jul 13 2006 11:39:08a A.... 45,056 44.00 K
                            oggds.dll Thu Jul 13 2006 11:54:14a A.... 237,568 232.00 K
                            ouffilt.dll Sun Jul 23 2006 1:52:28p ..S.R 234,584 229.09 K
                            p66slg~1.dll Sun Jul 23 2006 10:50:00p ..S.R 235,446 229.93 K
                            pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
                            pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
                            pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
                            qghumeay.dll Thu Jul 13 2006 11:13:32a A.... 0 0.00 K
                            rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K
                            sudll.dll Mon Jul 24 2006 11:33:38a ..S.R 235,446 229.93 K
                            vorbis.dll Thu Jul 13 2006 11:41:40a A.... 188,416 184.00 K
                            vorbis~1.dll Thu Jul 13 2006 11:51:18a A.... 921,600 900.00 K
                            wmv9vcm.dll Thu Jul 13 2006 11:37:42a A.... 1,415,680 1.35 M
                            wsvdmod.dll Sun Jul 23 2006 2:14:18p ..S.R 234,880 229.38 K
                            xvid.dll Thu Jul 13 2006 11:17:40a A.... 626,688 612.00 K
                            xvidcore.dll Thu Jul 13 2006 11:17:56a A.... 679,936 664.00 K
                            xvidvfw.dll Thu Jul 13 2006 11:18:02a A.... 155,648 152.00 K

                            28 items found: 28 files (12 H/S), 0 directories.
                            Total of file sizes: 9,520,589 bytes 9.08 M
                            Locate .tmp files:

                            C:\WINDOWS\SYSTEM32\
                            mcrh.tmp Sun Jul 23 2006 10:48:40p A.... 0 0.00 K
                            ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

                            2 items found: 2 files (1 H/S), 0 directories.
                            Total of file sizes: 5,613 bytes 5.48 K
                            ********************************************************************************
                            **
                            Directory Listing of system files:
                            Volume in drive C has no label.
                            Volume Serial Number is 682E-1693

                            Directory of C:\WINDOWS\System32

                            07/24/2006 11:49 AM 2,872 ybdgh.ini2
                            07/24/2006 11:33 AM 235,446 sudll.dll
                            07/23/2006 11:31 PM 233,680 lvr2099oe.dll
                            07/23/2006 10:49 PM 235,446 p66slgj716o.dll
                            07/23/2006 09:40 PM 233,680 kmdru.dll
                            07/23/2006
                          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 89.240.224.* 24.07.06, 13:02
                            i to juz koncowka
                            pozdrawiam
                            dreamy


                            07/23/2006 09:39 PM 236,591 lv4409hqe.dll
                            07/23/2006 02:43 PM 236,548 mrpmsnsv.dll
                            07/23/2006 02:14 PM 234,880 wsvdmod.dll
                            07/23/2006 02:02 PM 236,371 dsmclien.dll
                            07/23/2006 01:58 PM 235,463 nvtshell.dll
                            07/23/2006 01:52 PM 234,584 ouffilt.dll
                            07/23/2006 01:38 PM 5,613 ybdgh.tmp
                            07/22/2006 06:53 PM 234,584 lvp2097oe.dll
                            07/20/2006 09:26 PM 2,507 ybdgh.ini
                            07/13/2006 11:34 AM 573,492 hgdby.dll
                            07/09/2006 07:48 AM <DIR> dllcache
                            03/18/2003 07:58 AM <DIR> Microsoft
                            15 File(s) 3,171,757 bytes
                            2 Dir(s) 14,314,938,368 bytes free
          • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.43.* 23.07.06, 13:46
            > Tutaj masz o UPNP:
            > forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38142298
            Weszlam na te forum,i zaczelam rbic wszystko po kolei jak bylo
            napisane,ale.....w dodaj usun programy nie mam nic takiego jak UPNP,ani w
            takiej nazwie ani jako skrot (bo tak na prawde nie wiem co to znaczy).Noa,el
            nic,weszlam dalej w skladniki systemu windows i uslugi sieciowe,ale tam tez nie
            znalazlam zadnego UPNP......Juz koncza mi sie pomysly :-)
            Zaczynam miec wrazenie,ze ten trojan zamieszkal tu na dobre :-P
      • Gość: dreamy Re: Bardzo prosze o pomoc !!Trojany!! IP: 84.13.252.* 22.07.06, 19:16
        a to jeszcze moj hijack

        Logfile of HijackThis v1.99.1
        Scan saved at 6:16:22 PM, on 7/22/2006
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\System32\PAStiSvc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\WINDOWS\System32\AVWLPSTA.EXE
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Real\RealPlayer\RealPlay.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Documents and Settings\User1\Local Settings\Temp\Temporary Directory 2 for
        hijackthis.zip\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.co.uk/
        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no
        file)
        F2 - REG:system.ini: UserInit=userinit.exe
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
        \DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
        SYSTEMBOOTHIDEPLAYER
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
        Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
        \MICROS~3\Office10\EXCEL.EXE/3000
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
        C:\WINDOWS\System32\Shdocvw.dll
        O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CAA52E-F6AD-464C-A3CF-ECB6080511C8}:
        NameServer = 62.24.128.17 62.24.128.18
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
        Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
        \IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
        Files\iPod\bin\iPodService.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
        O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
        owner - C:\WINDOWS\winlogon.exe (file missing)

        pozdrawiam
        dreamy
    • Gość: dreamy LOG Z l2mfix IP: 89.240.226.* 25.07.06, 13:00
      Zaczelam z nowym tematem,aby bylo latwiej sie polapac w postach!!! Ponizej
      wkleje log z l2mfix, natomiast jeszcze taka sprawa,ze ten plik co na samym
      poczatku kolobos kazal mi usunac,teraz wyskakuje mi przy wylaczaniu kompa,ze
      nie ma tego pliku i ma jakies problemy, i ledwo mi wylacza kompa,to za chwile
      sam go wlacza!! Czy to znaczy,ze teraz mam sobie sciagnac ten plik?
      Pozdrawiam
      dreamy

      L2MFIX find log 051206
      These are the registry keys present
      ********************************************************************************
      **
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
      NT\CurrentVersion\Winlogon\Notify]
      "Asynchronous"=dword:00000000
      "DllName"=""
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
      NT\CurrentVersion\Winlogon\Notify\hgdby]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"

      ********************************************************************************
      **
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
      Settings\User Agent\Post Platform]
      "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

      ********************************************************************************
      **
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
      Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
      Windows Network objects"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
      Host"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
      List"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
      Container"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"=
    • Gość: dreamy LOG Z l2mfix IP: 89.240.226.* 25.07.06, 13:03
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
      (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
      Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
      Target"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
      Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
      Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
      Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
      Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
      Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
      Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
      Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
      Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
      Context Menu Handler"
      "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
      "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
      "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
      "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
      "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
      B43203AB3CC0}"
      "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
      3FB6980118CF}"
      "{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
      "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
      "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
      "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
      "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
      "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
      "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
      "{309EA188-4A0E-49B5-B041-055F14309998}"=""
      "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
      "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
      "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
      "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
      "{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
      "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
      "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""

      ********************************************************************************
      **
      HKEY ROOT CLASSIDS:
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}\InprocServer32]
      @="C:\\WINDOWS\\system32\\Mostdfmt.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\pplstore.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cirsrv.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
      Categories]
      @=
    • Gość: dreamy LOG Z l2mfix IP: 89.240.226.* 25.07.06, 13:05
      [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}\InprocServer32]
      @="C:\\WINDOWS\\system32\\crcfg32.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mlpmspsv.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}\InprocServer32]
      @="C:\\WINDOWS\\system32\\guard.tmp"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]
      @=""
      "IDEx"="AD"

      [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\lgrmonui.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mv4sdmod.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]
      @=""
      "IDEx"="AD"

      [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mivcrt40.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}\InprocServer32]
      @="C:\\WINDOWS\\system32\\guard.tmp"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}\InprocServer32]
      @="C:\\WINDOWS\\system32\\bdowsewm.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
      Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\Implemented
      Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kmdru.dll"
      "ThreadingModel"="Apartment"

      ********************************************************************************
      **
      Files Found are not all bad files:

      C:\WINDOWS\SYSTEM32\
      bgtsprx3.dll Mon Jul 24 2006 3:26:28p ..S.R 233,680 228.20 K
      cpuinf32.dll Thu Jul 13 2006 11:18:34a A.... 9,216 9.00 K
      hgdby.dll Thu Jul 13 2006 11:34:20a ..SH. 573,492 560.05 K
      m6nq0g~1.dll Mon Jul 24 2006 1:19:28p ..S.R 233,680 228.20 K
      mplvpx.dll Thu Jul 13 2006 11:18:52a A.... 245,760 240.00 K
      msvbvm60.dll Fri Jun 23 2006 9:54:18p A.... 1,385,744 1.32 M
      ogg.dll Thu Jul 13 2006 11:39:08a A.... 45,056 44.00 K
      oggds.dll Thu Jul 13 2006 11:54:14a A.... 237,568 232.00 K
      pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
      pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
      pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
      qghumeay.dll Thu Jul 13 2006 11:13:32a A.... 0 0.00 K
      rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K
      vorbis.dll Thu Jul 13 2006 11:41:40a A.... 188,416 184.00 K
      vorbis~1.dll Thu Jul 13 2006 11:51:18a A.... 921,600 900.00 K
      wmv9vcm.dll Thu Jul 13 2006 11:37:42a A.... 1,415,680 1.35 M
      xvid.dll Thu Jul 13 2006 11:17:40a A.... 626,688 612.00 K
      xvidcore.dll Thu Jul 13 2006 11:17:56a A.... 679,936 664.00 K
      xvidvfw.dll Thu Jul 13 2006 11:18:02a A.... 155,648 152.00 K

      19 items found: 19 files (3 H/S), 0 directories.
      Total of file sizes: 7,400,676 bytes 7.05 M
      Locate .tmp files:

      C:\WINDOWS\SYSTEM32\
      guard.tmp Mon Jul 24 2006 10:36:14p A.... 233,979 228.49 K
      mcrh.tmp Mon Jul 24 2006 4:09:22p A.... 0 0.00 K
      ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

      3 items found: 3 files (1 H/S), 0 directories.
      Total of file sizes: 239,592 bytes 233.98 K
      ********************************************************************************
      **
      Directory Listing of system files:
      Volume in drive C has no label.
      Volume Serial Number is 682E-1693

      Directory of C:\WINDOWS\System32

      07/25/2006 11:57 AM 2,817 ybdgh.ini2
      07/24/2006 04:10 PM 543,415 ybdgh.bak2
      07/24/2006 03:26 PM 233,680 bgtsprx3.dll
      07/24/2006 01:19 PM 233,680 m6nq0g55e6.dll
      07/23/2006 01:38 PM 5,613 ybdgh.tmp
      07/20/2006 09:26 PM 2,507 ybdgh.ini
      07/13/2006 11:34 AM 573,492 hgdby.dll
      07/09/2006 07:48 AM <DIR> dllcache
      03/18/2003 07:58 AM <DIR> Microsoft
      7 File(s) 1,595,204 bytes
      2 Dir(s) 14,235,484,160 bytes free
      • wiewia1 Re: LOG Z l2mfix 25.07.06, 19:36
        Ściagasz program Gmer www.gmer.net/ Zapisujesz go koniecznie na dysku C:\ i przejdz do zakładki CMD i wklej to

        CD C:\WINDOWS\System32
        ATTRIB -R -S -H hgdby.dll
        ATTRIB -R -S -H Mostdfmt.dll
        ATTRIB -R -S -H pplstore.dll
        ATTRIB -R -S -H cirsrv.dll
        ATTRIB -R -S -H crcfg32.dll
        ATTRIB -R -S -H mlpmspsv.dll
        ATTRIB -R -S -H lgrmonui.dll
        ATTRIB -R -S -H mv4sdmod.dll
        ATTRIB -R -S -H mivcrt40.dll
        ATTRIB -R -S -H bdowsewm.dll
        ATTRIB -R -S -H kmdru.dll
        ATTRIB -R -S -H gtsprx3.dll
        ATTRIB -R -S -H cpuinf32.dll
        ATTRIB -R -S -H mplvpx.dll
        ATTRIB -R -S -H msvbvm60.dll
        ATTRIB -R -S -H ogg.dll
        ATTRIB -R -S -H oggds.dll
        ATTRIB -R -S -H qghumeay.dll
        ATTRIB -R -S -H vorbis.dll
        ATTRIB -R -S -H vorbis~1.dll
        ATTRIB -R -S -H wmv9vcm.dll
        ATTRIB -R -S -H xvid.dll
        ATTRIB -R -S -H xvidcore.dll
        ATTRIB -R -S -H xvidvfw.dll
        ATTRIB -R -S -H bgtsprx3.dll
        ATTRIB -R -S -H m6nq0g55e6.dll
        DEL hgdby.dll
        DEL Mostdfmt.dll
        DEL pplstore.dll
        DEL cirsrv.dll
        DEL crcfg32.dll
        DEL mlpmspsv.dll
        DEL lgrmonui.dll
        DEL mv4sdmod.dll
        DEL mivcrt40.dll
        DEL bdowsewm.dll
        DEL kmdru.dll
        DEL gtsprx3.dll
        DEL cpuinf32.dll
        DEL mplvpx.dll
        DEL msvbvm60.dll
        DEL ogg.dll
        DEL oggds.dll
        DEL qghumeay.dll
        DEL vorbis.dll
        DEL vorbis~1.dll
        DEL wmv9vcm.dll
        DEL xvid.dll
        DEL xvidcore.dll
        DEL xvidvfw.dll
        DEL bgtsprx3.dll
        DEL m6nq0g55e6.dll
        DEL guard.tmp
        DEL mcrh.tmp
        DEL ybdgh.ini2
        DEL ybdgh.bak2
        DEL ybdgh.tmp
        DEL ybdgh.ini

        Następnie zaznacz REGEDIT i wklej to

        Windows Registry Editor Version 5.00

        [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
        NT\CurrentVersion\Winlogon\Notify\hgdby]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
        Settings\User Agent\Post Platform]
        "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
        Extensions\Approved]
        "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
        "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
        "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
        "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
        "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
        "{309EA188-4A0E-49B5-B041-055F14309998}"=-
        "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
        "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
        "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
        "{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
        "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
        "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

        [-HKEY_CLASSES_ROOT\CLSID\{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}]

        [-HKEY_CLASSES_ROOT\CLSID\{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}]

        [-HKEY_CLASSES_ROOT\CLSID\{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}]

        [-HKEY_CLASSES_ROOT\CLSID\{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}]

        [-HKEY_CLASSES_ROOT\CLSID\{7B360F63-E3D5-4D4E-B071-82D9CECD2442}]

        [-HKEY_CLASSES_ROOT\CLSID\{309EA188-4A0E-49B5-B041-055F14309998}]

        [-HKEY_CLASSES_ROOT\CLSID\{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}]

        [-HKEY_CLASSES_ROOT\CLSID\{94C41DAF-A412-4D90-862C-2C43548A21D4}]

        [-HKEY_CLASSES_ROOT\CLSID\{D4C95D68-8A65-49F6-B87C-936659EAF3AD}]

        [-HKEY_CLASSES_ROOT\CLSID\{354A9DC0-3981-4EA6-8A14-676654209E11}]

        [-HKEY_CLASSES_ROOT\CLSID\{C085BC1E-9087-4BFA-B880-5DD85964AB61}]

        [-HKEY_CLASSES_ROOT\CLSID\{D867D6CD-104C-4647-8331-1EB13B876CE5}]

        Następnie wróc do zakładki procesy Wybierz funkcje ZABIJ WSZYSTKO. Powrót do zakładki cmd I dajesz uruchom zarówno dla CDM i REGEDIT z osobna. Powrót do zakładki procesy i restart. Jeśli Gmer się zawiesi zobacz opcje awaryjny w zakładce procesy. I ponownie wklep komendy.



          • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.243.* 25.07.06, 21:17
            Zrobilam wszystko tak jak mialam zrobic,ale po nacisnieciu restart,nic sie nie
            zmienilo.Wiec zamknelam okno tego programu i musialam wyjac baterie z kompa,aby
            chcial mi sie wylaczyc.W kazdym razie wklejam log

            L2MFIX find log 051206
            These are the registry keys present
            ********************************************************************************
            **
            Winlogon/notify:
            Windows Registry Editor Version 5.00

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
            NT\CurrentVersion\Winlogon\Notify]

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
            NT\CurrentVersion\Winlogon\Notify\hgdby]
            "Asynchronous"=dword:00000001
            "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
            "Impersonate"=dword:00000000
            "Startup"="SysLogon"
            "Logoff"="SysLogoff"

            ********************************************************************************
            **
            useragent:
            Windows Registry Editor Version 5.00

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
            Settings\User Agent\Post Platform]
            "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

            ********************************************************************************
            **
            Shell Extension key:
            Windows Registry Editor Version 5.00

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
            Extensions\Approved]
            "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
            "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
            "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
            "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
            "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
            "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
            "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
            "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
            "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
            "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
            "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
            "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
            "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
            "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
            Windows Network objects"
            "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
            "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
            "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
            "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
            "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
            "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
            "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
            "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
            "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
            "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
            "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
            "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
            "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
            "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
            "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
            "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
            "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
            "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
            "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
            "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
            "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
            "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
            "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
            "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
            Host"
            "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
            "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
            "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
            "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
            "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
            "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
            "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
            "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
            "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
            "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
            "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
            "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
            "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
            "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
            "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
            "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
            "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
            "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
            "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
            "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
            "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
            "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
            "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
            "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
            "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
            "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
            "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
            "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
            "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
            "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
            "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
            "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
            "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
            "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
            "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
            "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
            "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
            "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
            "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
            "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
            "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
            List"
            "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
            Container"
            "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
            "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
            "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
            "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
            "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
            "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
            "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
            "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
            "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
            "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
            "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
            "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
            "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
            • wiewia1 Re: LOG Z l2mfix 25.07.06, 21:32
              Fix-y do rejestru musiały się złamać więc dlatego pewno nie weszły .Ale nic nie jest żle wklej teraz do zakładki CMD to

              CD C:\WINDOWS\System32
              ATTRIB -R -S -H hgdby.dll
              DEL hgdby.dll
              DEL ybdgh.tmp
              DEL ybdgh.ini2
              DEL ybdgh.ini
              DEL ybdgh.bak2

              W zakładke regedit wklej to

              Windows Registry Editor Version 5.00

              [-HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\User Agent\Post Platform]
              "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved]
              "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
              "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
              "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
              "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
              "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
              "{309EA188-4A0E-49B5-B041-055F14309998}"=-
              "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
              "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
              "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
              "{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
              "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
              "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

              Reszta procedura ta sama i wklej log nowy.
          • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.243.* 25.07.06, 21:18
            "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
            "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
            "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
            "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
            "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
            "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
            "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
            "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
            "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
            "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
            "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
            "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
            "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
            "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
            "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
            "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
            "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
            "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
            "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
            "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
            "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
            "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
            "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
            "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
            "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
            "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
            "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
            "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
            "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
            "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
            (DOCFILES)"
            "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
            "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
            "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
            "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
            "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
            "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
            "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
            "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
            Handler"
            "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
            Target"
            "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
            "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
            "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
            "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
            "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
            "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
            "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
            "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
            Control"
            "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
            Control"
            "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
            Combo Control"
            "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
            Control"
            "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
            Control"
            "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
            "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
            "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
            "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
            "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
            "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
            "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
            "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
            "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
            "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
            "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
            "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
            "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
            Sheet Handler"
            "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
            "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
            "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
            "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
            "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
            "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
            Context Menu Handler"
            "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
            Context Menu Handler"
            "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
            Context Menu Handler"
            "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
            "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
            "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
            "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
            "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
            "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
            "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
            B43203AB3CC0}"
            "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
            3FB6980118CF}"
            "{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
            "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
            "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
            "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
            "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
            "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
            "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
            "{309EA188-4A0E-49B5-B041-055F14309998}"=""
            "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
            "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
            "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
            "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
            "{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
            "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
            "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""
          • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.243.* 25.07.06, 21:19

            ********************************************************************************
            **
            HKEY ROOT CLASSIDS:
            ********************************************************************************
            **
            Files Found are not all bad files:

            C:\WINDOWS\SYSTEM32\
            pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
            pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
            pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
            rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

            4 items found: 4 files, 0 directories.
            Total of file sizes: 448,512 bytes 438.00 K
            Locate .tmp files:

            C:\WINDOWS\SYSTEM32\
            ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

            1 item found: 1 file (1 H/S), 0 directories.
            Total of file sizes: 5,613 bytes 5.48 K
            ********************************************************************************
            **
            Directory Listing of system files:
            Volume in drive C has no label.
            Volume Serial Number is 682E-1693

            Directory of C:\WINDOWS\System32

            07/25/2006 07:43 PM 3,329 ybdgh.ini2
            07/24/2006 04:10 PM 543,415 ybdgh.bak2
            07/23/2006 01:38 PM 5,613 ybdgh.tmp
            07/20/2006 09:26 PM 2,507 ybdgh.ini
            07/09/2006 07:48 AM <DIR> dllcache
            03/18/2003 07:58 AM <DIR> Microsoft
            4 File(s) 554,864 bytes
            2 Dir(s) 14,038,708,224 bytes free




            Pozdrawiam
            dreamy
              • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.247.* 25.07.06, 21:44
                L2MFIX find log 051206
                These are the registry keys present
                ********************************************************************************
                **
                Winlogon/notify:
                Windows Registry Editor Version 5.00

                [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                NT\CurrentVersion\Winlogon\Notify]

                [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                NT\CurrentVersion\Winlogon\Notify\hgdby]
                "Asynchronous"=dword:00000001
                "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
                "Impersonate"=dword:00000000
                "Startup"="SysLogon"
                "Logoff"="SysLogoff"

                ********************************************************************************
                **
                useragent:
                Windows Registry Editor Version 5.00

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
                Settings\User Agent\Post Platform]
                "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=""

                ********************************************************************************
                **
                Shell Extension key:
                Windows Registry Editor Version 5.00

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
                Extensions\Approved]
                "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
                "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
                "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
                "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
                "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
                "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
                "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
                "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
                "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
                "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
                "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
                "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
                "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
                "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
                Windows Network objects"
                "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
                "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
                "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
                "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
                "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
                "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
                "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
                "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
                "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
                "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
                "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
                "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
                "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
                "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
                "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
                "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
                "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
                "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
                "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
                "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
                "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
                "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
                "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
                "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
                Host"
                "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
                "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
                "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
                "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
                "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
                "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
                "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
                "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
                "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
                "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
                "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
                "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
                "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
                "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
                "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
                "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
                "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
                "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
                "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
                "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
                "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
                "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
                "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
                "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
                "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
                "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
                "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
                "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
                "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
                "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
                "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
                "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
                "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
                "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
                "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
                "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
                "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
                "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
                "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
                List"
                "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
                Container"
                "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
                "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
                "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
                "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
                "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
                "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
                "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
                "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
                "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
                "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
                "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
                "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
                "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
              • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.247.* 25.07.06, 21:46
                ciag dalszy loga

                "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
                "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
                "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
                "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
                "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
                "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
                "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
                "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
                "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
                "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
                "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
                "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
                "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
                "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
                "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
                "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
                "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
                "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
                "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
                "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
                "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
                "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
                "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
                "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
                "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
                "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
                (DOCFILES)"
                "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
                "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
                "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
                "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
                "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
                "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
                "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
                "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
                Handler"
                "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
                Target"
                "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
                "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
                "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
                "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
                "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
                "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
                "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
                "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
                Control"
                "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
                Control"
                "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
                Combo Control"
                "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
                Control"
                "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
                Control"
                "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
                "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
                "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
                "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
                "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
                "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
                "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
                "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
                "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
                "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
                "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
                "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
                "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
                Sheet Handler"
                "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
                "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
                "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
                "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
                "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
                "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
                Context Menu Handler"
                "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
                Context Menu Handler"
                "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
                Context Menu Handler"
                "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
                "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
                "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
                "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
                "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
                "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
                "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
                B43203AB3CC0}"
                "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
                3FB6980118CF}"
                "{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
                "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
                "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=""
                "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=""
                "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=""
                "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=""
                "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=""
                "{309EA188-4A0E-49B5-B041-055F14309998}"=""
                "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=""
                "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=""
                "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=""
                "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
                "{354A9DC0-3981-4EA6-8A14-676654209E11}"=""
                "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=""
                "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=""
              • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.247.* 25.07.06, 21:46
                ********************************************************************************
                **
                HKEY ROOT CLASSIDS:
                ********************************************************************************
                **
                Files Found are not all bad files:

                C:\WINDOWS\SYSTEM32\
                pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
                pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
                pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
                rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

                4 items found: 4 files, 0 directories.
                Total of file sizes: 448,512 bytes 438.00 K
                Locate .tmp files:

                C:\WINDOWS\SYSTEM32\
                ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

                1 item found: 1 file (1 H/S), 0 directories.
                Total of file sizes: 5,613 bytes 5.48 K
                ********************************************************************************
                **
                Directory Listing of system files:
                Volume in drive C has no label.
                Volume Serial Number is 682E-1693

                Directory of C:\WINDOWS\System32

                07/25/2006 07:43 PM 3,329 ybdgh.ini2
                07/24/2006 04:10 PM 543,415 ybdgh.bak2
                07/23/2006 01:38 PM 5,613 ybdgh.tmp
                07/20/2006 09:26 PM 2,507 ybdgh.ini
                07/09/2006 07:48 AM <DIR> dllcache
                03/18/2003 07:58 AM <DIR> Microsoft
                4 File(s) 554,864 bytes
                2 Dir(s) 14,036,328,448 bytes free
                • wiewia1 Re: LOG Z l2mfix 25.07.06, 22:06
                  No nic trzeba tłuc dalej wklej do zakładki CMD teraz to

                  CD C:\WINDOWS\System32
                  ATTRIB -R -S -H hgdby.dll
                  DEL hgdby.dll
                  DEL ybdgh.tmp
                  DEL ybdgh.ini2
                  DEL ybdgh.ini
                  DEL ybdgh.bak2

                  W zakładke regedit wklej

                  Windows Registry Editor Version 5.00

                  [-HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\hgdby]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
                  "{4FE754DA-268F-B046-23BF-8E5612B42DB9}"=-

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
                  "{F6C81EAF-3B35-4CA8-9064-3419C302E6C0}"=-
                  "{22B2251D-C3D4-4364-9D5A-AF30C376AEDE}"=-
                  "{53F2E65F-D5E7-4A4E-9ED8-217A0AB429EE}"=-
                  "{618B8EAD-7FF2-442A-AEC3-8626E3FA4D09}"=-
                  "{7B360F63-E3D5-4D4E-B071-82D9CECD2442}"=-
                  "{309EA188-4A0E-49B5-B041-055F14309998}"=-
                  "{0825C0E0-6D53-400D-B24D-3BE341C3DC0F}"=-
                  "{94C41DAF-A412-4D90-862C-2C43548A21D4}"=-
                  "{D4C95D68-8A65-49F6-B87C-936659EAF3AD}"=-
                  "{354A9DC0-3981-4EA6-8A14-676654209E11}"=-
                  "{C085BC1E-9087-4BFA-B880-5DD85964AB61}"=-
                  "{D867D6CD-104C-4647-8331-1EB13B876CE5}"=-

                  Porocedura ta sama coś fix-y do rejetsru nie wchodzą. Moze bład w odstępach jest zobacz teraz. Czy problem się troche zmienił czy dalej wystepuje.Po wszytstkim znowu mowy log




                  • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.76.* 25.07.06, 22:13
                    No,brawo,jakis sukces!Od razu zrestartowalo mi kompa!! Hehe A o to moj log

                    L2MFIX find log 051206
                    These are the registry keys present
                    ********************************************************************************
                    **
                    Winlogon/notify:
                    Windows Registry Editor Version 5.00

                    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                    NT\CurrentVersion\Winlogon\Notify]

                    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
                    NT\CurrentVersion\Winlogon\Notify\hgdby]
                    "Asynchronous"=dword:00000001
                    "DllName"="C:\\WINDOWS\\System32\\hgdby.dll"
                    "Impersonate"=dword:00000000
                    "Startup"="SysLogon"
                    "Logoff"="SysLogoff"

                    ********************************************************************************
                    **
                    useragent:
                    Windows Registry Editor Version 5.00

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
                    Settings\User Agent\Post Platform]

                    ********************************************************************************
                    **
                    Shell Extension key:
                    Windows Registry Editor Version 5.00

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
                    Extensions\Approved]
                    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
                    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
                    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
                    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
                    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
                    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
                    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
                    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
                    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
                    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
                    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
                    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
                    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
                    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft
                    Windows Network objects"
                    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
                    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
                    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
                    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
                    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
                    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
                    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
                    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
                    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
                    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
                    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
                    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
                    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
                    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
                    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
                    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
                    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
                    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
                    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
                    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
                    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
                    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
                    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
                    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script
                    Host"
                    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
                    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
                    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
                    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
                    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
                    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
                    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
                    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
                    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
                    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
                    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
                    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
                    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
                    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
                    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
                    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
                    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
                    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
                    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
                    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
                    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
                    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
                    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
                    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
                    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
                    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
                    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
                    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
                    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
                    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
                    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
                    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
                    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
                    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
                    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
                    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
                    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
                    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
                    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
                    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete
                    List"
                    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List
                    Container"
                    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
                    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
                    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
                    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
                    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
                    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
                    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
                    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
                    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
                    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
                    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
                    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
                    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
                  • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.76.* 25.07.06, 22:14
                    cd..

                    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
                    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
                    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
                    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
                    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
                    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
                    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
                    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
                    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
                    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
                    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
                    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
                    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
                    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
                    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
                    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
                    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
                    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
                    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
                    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
                    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
                    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
                    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
                    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
                    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
                    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
                    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
                    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler
                    (DOCFILES)"
                    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
                    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
                    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
                    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
                    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
                    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
                    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
                    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag
                    Handler"
                    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo
                    Target"
                    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
                    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
                    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
                    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
                    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
                    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
                    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
                    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box
                    Control"
                    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box
                    Control"
                    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist
                    Combo Control"
                    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar
                    Control"
                    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time
                    Control"
                    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
                    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
                    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
                    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
                    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
                    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
                    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
                    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
                    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
                    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
                    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
                    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
                    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property
                    Sheet Handler"
                    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
                    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
                    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
                    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
                    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
                    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist
                    Context Menu Handler"
                    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD
                    Context Menu Handler"
                    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist
                    Context Menu Handler"
                    "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
                    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
                    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
                    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
                    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
                    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
                    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-
                    B43203AB3CC0}"
                    "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-
                    3FB6980118CF}"
                    "{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
                    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
                    "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
                  • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.76.* 25.07.06, 22:15

                    ********************************************************************************
                    **
                    HKEY ROOT CLASSIDS:
                    ********************************************************************************
                    **
                    Files Found are not all bad files:

                    C:\WINDOWS\SYSTEM32\
                    pncrt.dll Sun Jun 4 2006 5:08:42p A.... 278,528 272.00 K
                    pndx5016.dll Sun Jun 4 2006 5:08:44p A.... 6,656 6.50 K
                    pndx5032.dll Sun Jun 4 2006 5:08:44p A.... 5,632 5.50 K
                    rmoc3260.dll Sun Jun 4 2006 5:09:18p A.... 157,696 154.00 K

                    4 items found: 4 files, 0 directories.
                    Total of file sizes: 448,512 bytes 438.00 K
                    Locate .tmp files:

                    C:\WINDOWS\SYSTEM32\
                    ybdgh.tmp Sun Jul 23 2006 1:38:08p ..SH. 5,613 5.48 K

                    1 item found: 1 file (1 H/S), 0 directories.
                    Total of file sizes: 5,613 bytes 5.48 K
                    ********************************************************************************
                    **
                    Directory Listing of system files:
                    Volume in drive C has no label.
                    Volume Serial Number is 682E-1693

                    Directory of C:\WINDOWS\System32

                    07/25/2006 07:43 PM 3,329 ybdgh.ini2
                    07/24/2006 04:10 PM 543,415 ybdgh.bak2
                    07/23/2006 01:38 PM 5,613 ybdgh.tmp
                    07/20/2006 09:26 PM 2,507 ybdgh.ini
                    07/09/2006 07:48 AM <DIR> dllcache
                    03/18/2003 07:58 AM <DIR> Microsoft
                    4 File(s) 554,864 bytes
                    2 Dir(s) 14,035,042,304 bytes free
                    • wiewia1 Re: LOG Z l2mfix 25.07.06, 22:24
                      Dobra jest ok. Look2me nie ma Wiem już dlaczego nie wchodzi ten fix. Tam tych plików nie usuwamy. Jakiś program musi je wkładac po restarcie u ciebie z powrotem albo wgrany soft
                      Wpisz w uruchom regedit i przejdz do klucza i wykasuj z prawokliku myszki

                      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

                      Jak sytuacja z kompem poprawiła się. Wklej loga z Hijackthis do kontroli . Z l2mfix już nie wklejaj.
                        • wiewia1 Re: LOG Z l2mfix 25.07.06, 22:35
                          REGEDIT i OK

                          Rozwijaj pokolei klucze az przejdziesz do tego i wkasuj go prawym myszy

                          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

                          Jak nie. to zrób tak otwórz notanik wi kwlej w nim to

                          Windows Registry Editor Version 5.00

                          [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgdby]

                          Następnie plik=>zapisz jako zmień rozszerzenie z txt na wszystkie pliki i zapisz pod nazwą fix.reg Kliknij dwa razy lewym myszy na zrobiony fix i restart kompa. Melduj o sytuacji w systemie
                          • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.251.* 25.07.06, 22:42
                            Mam problem z uruchomieniem Hijackthis.....gdy go odpalam podaje mi
                            komunikat: "This application has failed to start because MSVBVM60.DLL was not
                            found. I napisal ze nalezy jeszczeraz to zainstalowac.Tylko ze sciagnelam nowy
                            program z netu i sytuacja sie powtorzyla!Wczesniejsze polecenia wkonalam!

                            Pozdrawiam
                            dreamy
                                    • wiewia1 Re: LOG Z l2mfix 25.07.06, 22:57
                                      Plik masz już na dysku w katalogu C:\WINDOWS\System32

                                      Teraz trzeba go zarejestrować wklej takie polecenie w Start=>uruchom

                                      regsvr32 MSVBVM60.dll

                                      I restart systemu. Tamto pierwsze jest złe. Zastosuj to. Niechcący ten plik poleciał przy usuwaniu.
                                      • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.251.* 25.07.06, 23:02
                                        nie przyjmuje mi tej nazwy.Podaje ja pelna czyli "regsvr32 MSVBVM60.dll" lub i
                                        czesciowo.Za kazdym razem nie przyjmuje. poza tym jak sciagnelam ten plik z
                                        netu do system32 to jest to plik zzipowany,wiec chyba powinnam go
                                        rozzipowac....?
                                        pozdrawiam
                                        dreamy
                                          • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.69.* 25.07.06, 23:18
                                            Jakis dziwnie krotki....ale jest!

                                            Logfile of HijackThis v1.99.1
                                            Scan saved at 10:18:19 PM, on 7/25/2006
                                            Platform: Windows XP SP1 (WinNT 5.01.2600)
                                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                            Running processes:
                                            C:\WINDOWS\System32\smss.exe
                                            C:\WINDOWS\system32\winlogon.exe
                                            C:\WINDOWS\system32\services.exe
                                            C:\WINDOWS\system32\lsass.exe
                                            C:\WINDOWS\system32\svchost.exe
                                            C:\WINDOWS\System32\svchost.exe
                                            C:\WINDOWS\system32\spoolsv.exe
                                            C:\Program Files\ewido anti-spyware 4.0\guard.exe
                                            C:\WINDOWS\system32\slserv.exe
                                            C:\WINDOWS\System32\PAStiSvc.exe
                                            C:\WINDOWS\System32\svchost.exe
                                            C:\WINDOWS\Explorer.EXE
                                            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                                            C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
                                            C:\WINDOWS\System32\AVWLPSTA.EXE
                                            C:\Program Files\iTunes\iTunesHelper.exe
                                            C:\Program Files\QuickTime\qttask.exe
                                            C:\Program Files\Real\RealPlayer\RealPlay.exe
                                            C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
                                            C:\Program Files\Skype\Phone\Skype.exe
                                            C:\WINDOWS\System32\ctfmon.exe
                                            C:\Program Files\Gadu-Gadu\gg.exe
                                            C:\Program Files\iPod\bin\iPodService.exe
                                            C:\Documents and Settings\User1\Desktop\New Folder\HijackThis.exe

                                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                            www.google.co.uk/
                                            F2 - REG:system.ini: UserInit=userinit.exe
                                            O2 - BHO: (no name) - {B204DC68-03EE-4D08-B42D-8109704D5719} -
                                            C:\WINDOWS\System32\hgdby.dll (file missing)
                                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                            C:\WINDOWS\System32\msdxm.ocx
                                            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                                            O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
                                            \DirectCD\DirectCD.exe"
                                            O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE START
                                            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                            atboottime
                                            O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
                                            SYSTEMBOOTHIDEPLAYER
                                            O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
                                            Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
                                            O4 - HKCU\..\Run: [Skype] "C:\Program
                                            Files\Skype\Phone\Skype.exe" /nosplash /minimized
                                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                                            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                            Office\Office10\OSA.EXE
                                            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
                                            \MICROS~3\Office10\EXCEL.EXE/3000
                                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                                            C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                                            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
                                            C:\WINDOWS\System32\Shdocvw.dll
                                            O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
                                            C:\Program Files\ewido anti-spyware 4.0\guard.exe
                                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
                                            Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
                                            \IDriverT.exe
                                            O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
                                            Files\iPod\bin\iPodService.exe
                                            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
                                            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                                            O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown
                                            owner - C:\WINDOWS\winlogon.exe (file missing)

                                            • wiewia1 Re: LOG Z l2mfix 25.07.06, 23:23
                                              F2 - REG:system.ini: UserInit=userinit.exe
                                              O2 - BHO: (no name) - {B204DC68-03EE-4D08-B42D-8109704D5719} -
                                              C:\WINDOWS\System32\hgdby.dll (file missing)

                                              Usuń ten wpis w hijackthis poleceniem fixchecked Po za tym jest Ok Log czysty

                                              Zrób jeszcze tak. Włóż płyte do napędu cd systemem Windows Xp i wklej w Start=> uruchom takie polecenie

                                              sfc /scannow

                                              i ok. sprawdzi ci pliki systemowe .dll
                                              • wiewia1 Re: LOG Z l2mfix 25.07.06, 23:27
                                                Jeszcze usłaga została do kasacji.

                                                Wejdz w panel sterowania=>Narzędzia administarcyjne=>usłigi i wyszukaj usługi Service: Windows Process Viewer Klikasz dwa razy lewym myszy zatrzymujesz ją i ustawiasz status na wyłączony.
                                                i usuwasz plik z dysku C:\WINDOWS\winlogon.exe tylko taka sciezke w inną nie wchodzisz
                                                • Gość: dreamy Re: LOG Z l2mfix IP: 84.13.69.* 26.07.06, 00:28
                                                  Co do tej uslugi,to byla ona wylaczona! A ten plik winlogon.exe to w katalogu
                                                  Windows nie znalazlam go,natomiast siedzi on w "system32" i z innym
                                                  rozszerzeniem w "prefetch".
                                                  Ogolnie zeskanowalam kompa adaware i spybot,zaden nic nie znalazl,wiec moge z
                                                  wielkim usmiechem podziekaowac Tobie za pomoc!! Co my laicy zrobilibysmy bez
                                                  Was!!! Fajnie ze jest takie forum i ze sa ludzie ktorzy tak bezinteresownie
                                                  pomagaja!! Po prostu wielki uklon w Wasza strone!!!

                                                  Mam jeszcze na koniec takie pytanie.....bo nie bardzo moge znalezc zadnych
                                                  antywirow(poza ewido) i firewalli ....i chcialam wiedziec czy dobrze zrobie jak
                                                  wgram jutro avasta i na przyklad Agnitum Outpost Firewall.....bo na swoich
                                                  kompach mam avasta i jestem bardzo zadowolona,a z tego firewalla bylam
                                                  zadowolona jak korzystalam.Czy to jest potrzebne na tym kompie,czy moze widzisz
                                                  jakiegos innego firewalla ktory jakims dziwnym trafem jest dla mnie nie
                                                  widoczny....

                                                  Jeszcze raz wielkie dzieki!!!!!!!!!!!!! :-D
                                                  Podrawiam
                                                  dreamy
                                                  • wiewia1 Re: LOG Z l2mfix 26.07.06, 06:10
                                                    Z usługą mozesz zrobić tak. Wejdz w Hijacthis następnie wybierz opcje "open the misc tools section" Potem wejdz "delete an NT service... i w okienko wklej to The Windows Process Viewer Ok i restart kompa usługa powinna wynieść sie na dobre. Apliku nie ma tak. A przy wyszukiwaniu miałaś w opcjach folderów=>Widok=>zaznaczona opcja pokaż ukryte pliki i systemowe. Jak nie to zrób tak i poszukaj. Tamte innne winlogon cię nie interesują

                                                    Awast Ok i zainstaluj sobie Kerio firewalla konfiguracja i opis tu forum.dobreprogramy.pl/viewtopic.php?t=35065 no i przedewszytskim zainstaluj SP2 no i trzynaj sie zdala od wirusów

                                                    Pozdrawiam Wiewia

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka