reklamy

witam,
od kilku dni wyskakują mi non-stop reklamy. szukałem na tym forum znalazłem kilka rzeczy ale nie działały
log z HijackThis:

Cytat:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:13, on 2005-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\V29qdGtvd3NraQ\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Mariusz714\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k




O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en6ml1j11.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V29qdGtvd3NraQ\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Próbowałeś skanować programem Ad-Aware? Możesz za darmo ściagnąć z internetu...

oczywiście ze tak

O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en6ml1j11.dll <- look2me, usninstaller masz tutaj:
http://www.pchell.com/support/look2me.shtml
gdyby nie pomogl to potrzebny bedzie log z l2mfix.exe z opcji #1

Zatrzymaj i wylacz usluge w services.msc :
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V29qdGtvd3NraQ\command.exe
W hijackthis delete nt service wpisz cmdService
Katalog V29qdGtvd3NraQ usun.

jest problem nie mam w ogóle takiego wpisu w rejestrze tego z tej instrukcji ;(
log z l2mfix:

Cytat:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp8ql3l51.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-CI) DENY --C------- BUILTIN\Administratorzy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťA—CICIEL


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2F608B19-8520-276A-A229-4994AE0DB8C6}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona wˆa˜ciwo˜ci Poprzednie wersje"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}"=""
"{543BAD5A-3E54-426B-B9A9-DE8019A4D869}"=""
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{543BAD5A-3E54-426B-B9A9-DE8019A4D869}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{543BAD5A-3E54-426B-B9A9-DE8019A4D869}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{543BAD5A-3E54-426B-B9A9-DE8019A4D869}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{543BAD5A-3E54-426B-B9A9-DE8019A4D869}\InprocServer32]
@="C:\\WINDOWS\\system32\\ciyptsvc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
apicap.dll Sun 2005-11-06 14:08:02 ..S.R 234 493 228,99 K
atmtd.dll Sat 2005-11-05 20:14:04 A.... 687 592 671,48 K
ciyptsvc.dll Sun 2005-11-13 17:18:12 ..S.R 235 411 229,89 K
gp8ql3~1.dll Sun 2005-11-13 16:09:50 ..S.R 235 411 229,89 K
j6j6lg~1.dll Sun 2005-11-13 0:42:50 ..S.R 236 024 230,49 K
k6lqlg~1.dll Sun 2005-11-13 17:18:12 ..S.R 236 947 231,39 K
lvj809~1.dll Fri 2005-11-11 9:21:32 A.... 234 961 229,45 K

7 items found: 7 files (5 H/S), 0 directories.
Total of file sizes: 2 100 839 bytes 2,00 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A067-C8ED

Katalog: C:\WINDOWS\System32

2005-11-13 17:18 235˙411 ciyptsvc.dll
2005-11-13 17:18 236˙947 k6lqlg3516.dll
2005-11-13 16:09 235˙411 gp8ql3l51.dll
2005-11-13 00:42 236˙024 j6j6lg1s16.dll
2005-11-12 18:52 <DIR> dllcache
2005-11-06 14:08 234˙493 apicap.dll
2005-11-05 16:32 <DIR> Microsoft
5 plik(˘w) 1˙178˙286 bajt˘w
2 katalog(˘w) 26˙023˙690˙240 bajt˘w wolnych

Cytat:

Post13 Lis 2005 17:00 reklamy
Odpowiedz z cytatem Pisownia
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en6ml1j11.dll <- look2me, usninstaller masz tutaj:
http://www.pchell.com/support/look2me.shtml
gdyby nie pomogl to potrzebny bedzie log z l2mfix.exe z opcji #1

Zatrzymaj i wylacz usluge w services.msc :
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V29qdGtvd3NraQ\command.exe
W hijackthis delete nt service wpisz cmdService
Katalog V29qdGtvd3NraQ usun.

MaNiEk115
Nie masz czytac instrukcji tylko sciagnac i uzyc uninstaller do ktorego jest link na stronie.

Katalog jest ukryty, pewnie slyszales o plikach ukrytych i chronionych wiec wylacz w opcjach folderow stosowna opcje, a nastepnie usun katalog.

wyskakuje mi cos takiego:

Cytat:

Look2Me application UnInstaller

An UnInstaller has already been requested twice from you IP address today and the number of requests is limited by two per day, please try again tomorrow.

Thank you for using the Look2Me application.

Tutaj masz:
https://www.elektroda.pl/rtvforum/viewtopic.php?t=387867&highlight=uninstaller

niestety ale nie mam do tego keya...

Key masz na stronie ale widze, ze zepsules juz wczesniej wiec pewnie nie zobaczysz, wiec masz:
KEY: 7Ee41qndTMwg

Nie po to udzielam sie na forum zeby pomagac na gg.

no niestety nie działa nadal wyskakuje strona:
http://www.searc-h.com/normal/yyy65.html
albo ta: http://oas-central.realmedia.com/RealMedia/ad...sx.ads/exactmb/cing5328anascar/cache_bust@x04

Uruchom komputer z plyty instalacyjnej XP, wlacz konsole odzyskiwania i wpisz:

cd C:\WINDOWS\system32

ATTRIB -R-S-H ciyptsvc.dll
ATTRIB -R-S-H k6lqlg3516.dll
ATTRIB -R-S-H gp8ql3l51.dll
ATTRIB -R-S-H j6j6lg1s16.dll

DEL ciyptsvc.dll
DEL k6lqlg3516.dll
DEL gp8ql3l51.dll
DEL j6j6lg1s16.dll

cd C:\WINDOWS\system32\dllcache

ATTRIB -R-S-H apicap.dll

DEL apicap.dll

EXIT

Ewenutalnie mozesz probowac usunac te pliki killbox'em z opcja delete on reboot (wszystkie za jednym razem) ale lepiej zrob to z konsli odzyskiwania.

Jak juz to zrobisz to wlacz windows, otworz sobie notatnik i wklej do niego:

Windows Registry Editor Version 5.00



[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{2F608B19-8520-276A-A229-4994AE0DB8C6}"=-



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{C510EEF1-7608-40EE-83DB-5DF6B48ACFBF}"=-

"{543BAD5A-3E54-426B-B9A9-DE8019A4D869}"=- 



[-HKEY_CLASSES_ROOT\CLSID\{543BAD5A-3E54-426B-B9A9-DE8019A4D869}]

sory ze pytam ale jak sie wlacza konsole odzyskiwania?
lece teraz do szkoły jak wroce to pokombinuje

Tak jak masz tutaj opisane:
http://www.searchengines.pl/phpbb203/index.php?showtopic=14270&st=0&#entry65742

nie znalazł mi
k6lqlg3516.dll
gp8ql3l51.dll
tych plikow i nie dalo sie zrobić ani ATTRIB ani DEL a reszta poszła ok
zrobiłem ten wpis i dalej wyskakuje to

Pewnie, ze wyskakuje bo nazwy plikow juz sie zmienily.To trzeba robic odrazu, a nie czekac nie wiem ile.
Napisz na to forum:
http://www.searchengines.pl/phpbb203/index.php?showforum=99
I wklej tam log z l2mfix, to Ci pomoga.