Jak by ktoś mógł to niech mi napisze jak moge zmienić tapete po usunięci Spyware infection… Dalej mam tą tapete i nie moge jej zmienić Mo numer GG 9099810. Piszcie nawet jak mnie nie ma :] Albo odpowiedzcie na Forum. :] Dzieki Wielkie:]
Wstaw log z hijacka
To coś z hijacka
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
-
Wyłączyć Przywracanie systemu w XP TU
-
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
-
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
-
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
-
Dokończyć skanerami online - Scanery do wyboru
-
Pokazać nowy log
Daj log z Silent-a - opis: http://www.searchengines.pl/phpbb203/in … opic=15989
OK Wiem jak włączyć kompa w trybie awaryjnym ale nie wiem jak to zrobić bez internety:/
Nie rozumie masz usunac zaznaczone pliki na poczateki dopiero jak zrobisz jak to zrobisz start do trybu normalnego i opcjanr 5 i 6 oraz log z Silenta
Sorki:) to jest wszystko:] z tego Silenta:P
“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“NVIEW” = “rundll32.exe nview.dll,nViewLoadHook” [MS]
“PcSync” = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]
“Gadu-Gadu” = ““J:\Gry\Gadu-gadu 6.0\gg.exe” /tray” [“sms-express.com”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“CoolSwitch” = “C:\WINDOWS\System32\taskswitch.exe” [null data]
“FastUser” = “C:\WINDOWS\System32\fast.exe” [MS]
“LWBMOUSE” = “C:\Program Files\Browser Mouse_1.0\lwbwheel.exe” [empty string]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“CloneCDElbyCDFL” = ““C:\Program Files\CloneCD\ElbyCheck.exe” /L ElbyCDFL” [“Elaborate Bytes AG”]
“MediaKey” = “C:\PROGRA~1\MediaKey\MMKeybd.EXE” [“Dritek System Inc.”]
“USBKBDrv” = “C:\PROGRA~1\MediaKey\KPDrv4XP.EXE” [“Dritek System Inc.”]
“WinampAgent” = ““C:\Program Files\Winamp\Winampa.exe”” [file not found]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]
“PCSuiteTrayApplication” = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”]
“DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”]
“avast!” = “J:\Gry\AVAST4~1.0AN\ashDisp.exe” [null data]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = “SSVHelper Class” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{709C6E11-538F-4759-86AC-6ACB302AA0DE}” = “Desktop Manager”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\msvdm.dll” [null data]
“{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}” = “PhotoToys”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\phototoys.dll” [MS]
“{efb97cb8-a4a4-4357-a261-002ffaed0267}” = “CD Slideshow Powertoy”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\slideshow.dll” [MS]
“{0E6C58A9-F592-4862-B35F-CA45E24003B3}” = “CloneCD”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CloneCD\ElbyVCDShell.dll” [“Elaborate Bytes”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Office Xp\Office10\msohev.dll” [MS]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Context Menu Shell Extension”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
“{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 DragDrop Shell Extension”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
“{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Context Menu Shell Extension”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
“{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Property Sheet Shell Extension”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\real\rpshell.dll” [“RealNetworks, Inc.”]
“{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
“{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\ContactView.dll” [“Nokia”]
“{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\MessageView.dll” [“Nokia”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}”
-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies [Description] {enabled Group Policy setting}:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! “ForceActiveDesktopOn”=dword:00000001
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Enable Active Desktop}
HIJACK WARNING! “Wallpaper” = “C:\WINDOWS\desktop.html”
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop…" button); selects wallpaper if Active Desktop is enabled]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Active Desktop Wallpaper|Wallpaper Name:}
Active Desktop and Wallpaper:
Active Desktop enabled via Group Policy.
Wallpaper selected via Group Policy.
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Startup items in “Rafałek” & “All Users” startup folders:
C:\Documents and Settings\Rafałek\Menu Start\Programy\Autostart
“Webshots” -> shortcut to: “J:\Gry\Program do zmiany tapety\Launcher.exe /t” [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Office Xp\Office10\OSA.EXE -b -l” [MS]
“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““J:\Gry\Avast 4.0 antywirus\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““J:\Gry\Avast 4.0 antywirus\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““J:\Gry\Avast 4.0 antywirus\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““J:\Gry\Avast 4.0 antywirus\ashWebSv.exe” /service” [“ALWIL Software”]
InteractiveLogon, InteractiveLogon, “C:\WINDOWS\System32\Fast.exe -service” [MS]
NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string]
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer “No” at the first message box.
---------- (total run time: 117 seconds, including 4 seconds for message boxes)
Otworz notatnik i wklej:
Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa
Po tym, jeśli jeszcze nie zadziała, proszę się upewnić iż jest:
Prawy klik na Pulpit >>> Właściwości >>> Pulpit >>> Dostosuj Pulpit >>> Sieć Web >>> odznaczona opcja Blokuj elementy pulpitu
Gutek Dzieki wielkie już mi wszystko normalnie działa:] Bardzo bym cie prosił podaj mi numer GG bo mój kumpel ma taki sam problem a ja mu nie pomoge bo sie na tym nie znam tzn. Na tym Hijacku:( Jeszcze rez dzieki wielkie i BIG RESPECT
Złączono Posta : 22.01.2006 (Nie) 19:44
Od niedawna zaczeły mi wyskakiwac komunikaty ze czas na połączenie z internetem upłyną i czy mam czekać dalej… Te komunikATY Są BARDZO DENERWUJąCE… Jeżeli ktoś zna powód i jego rozwiązanie prosze o ODP. Dzieki:] :mrgreen: