Jak by ktoś mógł to niech mi napisze jak moge zmienić tapete po usunięci Spyware infection… Dalej mam tą tapete i nie moge jej zmienić Mo numer GG 9099810. Piszcie nawet jak mnie nie ma :] Albo odpowiedzcie na Forum. :] Dzieki Wielkie:]

podobny temat

Wstaw log z hijacka

To coś z hijacka

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

1. Wyłączyć Przywracanie systemu w XP TU

2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

5. Dokończyć skanerami online - Scanery do wyboru

6. Pokazać nowy log

Daj log z Silent-a - opis: http://www.searchengines.pl/phpbb203/in … opic=15989

OK Wiem jak włączyć kompa w trybie awaryjnym ale nie wiem jak to zrobić bez internety:/

Nie rozumie masz usunac zaznaczone pliki na poczateki dopiero jak zrobisz jak to zrobisz start do trybu normalnego i opcjanr 5 i 6 oraz log z Silenta

Sorki:) to jest wszystko:] z tego Silenta:P

“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

---

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“NVIEW” = “rundll32.exe nview.dll,nViewLoadHook” [MS]

“PcSync” = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]

“Gadu-Gadu” = ““J:\Gry\Gadu-gadu 6.0\gg.exe” /tray” [“sms-express.com”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“CoolSwitch” = “C:\WINDOWS\System32\taskswitch.exe” [null data]

“FastUser” = “C:\WINDOWS\System32\fast.exe” [MS]

“LWBMOUSE” = “C:\Program Files\Browser Mouse_1.0\lwbwheel.exe” [empty string]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“CloneCDElbyCDFL” = ““C:\Program Files\CloneCD\ElbyCheck.exe” /L ElbyCDFL” [“Elaborate Bytes AG”]

“MediaKey” = “C:\PROGRA~1\MediaKey\MMKeybd.EXE” [“Dritek System Inc.”]

“USBKBDrv” = “C:\PROGRA~1\MediaKey\KPDrv4XP.EXE” [“Dritek System Inc.”]

“WinampAgent” = ““C:\Program Files\Winamp\Winampa.exe”” [file not found]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]

“PCSuiteTrayApplication” = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”]

“DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”]

“avast!” = “J:\Gry\AVAST4~1.0AN\ashDisp.exe” [null data]

“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)

\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = “SSVHelper Class” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{709C6E11-538F-4759-86AC-6ACB302AA0DE}” = “Desktop Manager”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\msvdm.dll” [null data]

“{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}” = “PhotoToys”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\phototoys.dll” [MS]

“{efb97cb8-a4a4-4357-a261-002ffaed0267}” = “CD Slideshow Powertoy”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\slideshow.dll” [MS]

“{0E6C58A9-F592-4862-B35F-CA45E24003B3}” = “CloneCD”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CloneCD\ElbyVCDShell.dll” [“Elaborate Bytes”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Office Xp\Office10\msohev.dll” [MS]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Context Menu Shell Extension”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

“{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 DragDrop Shell Extension”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

“{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Context Menu Shell Extension”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

“{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.11 Property Sheet Shell Extension”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\real\rpshell.dll” [“RealNetworks, Inc.”]

“{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]

“{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\ContactView.dll” [“Nokia”]

“{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Nokia 6610i\Nokia PC Suite 6\MessageView.dll” [“Nokia”]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}”

-> {CLSID}\InProcServer32(Default) = “C:\Documents and Settings\jb\Pulpit\Programy\WinAce\arcext.dll” [file not found]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {CLSID}\InProcServer32(Default) = “J:\Gry\Avast 4.0 antywirus\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies [Description] {enabled Group Policy setting}:

---

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

HIJACK WARNING! “ForceActiveDesktopOn”=dword:00000001

[enables Active Desktop and prevents disabling it]

{User Configuration|Administrative Templates|Desktop|Active Desktop|

Enable Active Desktop}

HIJACK WARNING! “Wallpaper” = “C:\WINDOWS\desktop.html”

[disables the Display Properties|Desktop (tab) (except the "Customize

Desktop…" button); selects wallpaper if Active Desktop is enabled]

{User Configuration|Administrative Templates|Desktop|Active Desktop|

Active Desktop Wallpaper|Wallpaper Name:}

Active Desktop and Wallpaper:

---

Active Desktop enabled via Group Policy.

Wallpaper selected via Group Policy.

Enabled Screen Saver:

---

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “Rafałek” & “All Users” startup folders:

---

C:\Documents and Settings\Rafałek\Menu Start\Programy\Autostart

“Webshots” -> shortcut to: “J:\Gry\Program do zmiany tapety\Launcher.exe /t” [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Office Xp\Office10\OSA.EXE -b -l” [MS]

“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]

Winsock2 Service Provider DLLs:

---

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

---

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]

Running Services (Display Name, Service Name, Path {Service DLL}):

---

avast! Antivirus, avast! Antivirus, ““J:\Gry\Avast 4.0 antywirus\ashServ.exe”” [null data]

avast! iAVS4 Control Service, aswUpdSv, ““J:\Gry\Avast 4.0 antywirus\aswUpdSv.exe”” [null data]

avast! Mail Scanner, avast! Mail Scanner, ““J:\Gry\Avast 4.0 antywirus\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““J:\Gry\Avast 4.0 antywirus\ashWebSv.exe” /service” [“ALWIL Software”]

InteractiveLogon, InteractiveLogon, “C:\WINDOWS\System32\Fast.exe -service” [MS]

NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]

StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string]

---

• This report excludes default entries except where indicated.

• To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

• To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer “No” at the first message box.

---------- (total run time: 117 seconds, including 4 seconds for message boxes)

Otworz notatnik i wklej:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

Po tym, jeśli jeszcze nie zadziała, proszę się upewnić iż jest:

Prawy klik na Pulpit >>> Właściwości >>> Pulpit >>> Dostosuj Pulpit >>> Sieć Web >>> odznaczona opcja Blokuj elementy pulpitu

Gutek Dzieki wielkie już mi wszystko normalnie działa:] Bardzo bym cie prosił podaj mi numer GG bo mój kumpel ma taki sam problem a ja mu nie pomoge bo sie na tym nie znam tzn. Na tym Hijacku:( Jeszcze rez dzieki wielkie i BIG RESPECT

Złączono Posta : 22.01.2006 (Nie) 19:44

Od niedawna zaczeły mi wyskakiwac komunikaty ze czas na połączenie z internetem upłyną i czy mam czekać dalej… Te komunikATY Są BARDZO DENERWUJąCE… Jeżeli ktoś zna powód i jego rozwiązanie prosze o ODP. Dzieki:] :mrgreen: