gandalfwww 06.06.05, 16:22 Tapetka której nie da sie zmienic. Kiedys na forum byl poruszany ten temat ale nie moge znaleźć linku. www.republika.pl/gandalfwww tak wlasnie wyglada ta tapetka :( help please Odpowiedz Link Zgłoś czytaj wygodnie posty
bydgosc Re: Tapeta nie do usunięcia (SPYWARE??) 06.06.05, 16:37 ja bym proponowal przesiasc sie na Linuxa - kto wie co jeszcze zlapiesz.... a tak powanie to wyglada fajnie, ja bym zostawil Odpowiedz Link Zgłoś
Gość: aga Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.neoplus.adsl.tpnet.pl 06.06.05, 17:59 Własnie mam to samo :( Czy tu pomoże tylko format????? Czyżby nikt napraaawde nie mógł nam pomóc???? Odpowiedz Link Zgłoś
Gość: barracuda7110 Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.dsl.telepac.pt 06.06.05, 18:10 mgregor.republika.pl/ Odpowiedz Link Zgłoś
bydgosc Re: Tapeta nie do usunięcia (SPYWARE??) 06.06.05, 18:18 ladne na tej stronie... ale mozna inaczej... 1. bierzesz plyte instalacyjna Linux'a .... . . . . . 7. Jestes szczesliwy(a) Odpowiedz Link Zgłoś
Gość: Aga do bygdosc IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:28 Dzięki za radę... no cóż nie każdy jest informatykiem żeby sobie poradzić w taki sposób jaki go przedstawiasz... Komputer to dla mnie (na razie ) maszyna do pisania i komunikator ;) Pozdrawiam.. Odpowiedz Link Zgłoś
bydgosc Re: do bygdosc 07.06.05, 12:30 nic osobistego.... po prostu tez mialem problemy z Win i sie przesiadlem Odpowiedz Link Zgłoś
Gość: A Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:30 Logfile of HijackThis v1.99.1 Scan saved at 18:21:15, on 2005-06-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe E:\Program Files\InCD\InCD.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\newdial1.exe E:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\l?gonui.exe C:\WINDOWS\System32\newdial1.exe C:\bsw.exe E:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Internet Explorer\iexplore.exe c:\windows\system32\qusrktz.exe C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe C:\WINDOWS\System32\newdial1.exe C:\WINDOWS\System32\newdial1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32 \nsl4E.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06 \bin\jusched.exe O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29- 0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632- 04BAF906E991} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92- 9632-04BAF906E991} - (no file) (HKCU) O15 - Trusted Zone: *.bestcounter.biz O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - T Odpowiedz Link Zgłoś
Gość: Aga Jeszcze raz... coś chyba nie wyszło IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:44 Logfile of HijackThis v1.99.1 Scan saved at 18:40:31, on 2005-06-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe E:\Program Files\InCD\InCD.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\newdial1.exe E:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\l?gonui.exe C:\WINDOWS\System32\newdial1.exe C:\bsw.exe E:\PROGRA~1\INCRED~1\bin\IMApp.exe c:\windows\system32\qusrktz.exe C:\WINDOWS\System32\newdial1.exe C:\WINDOWS\System32\newdial1.exe C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32 \nsl4E.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06 \bin\jusched.exe O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29- 0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632- 04BAF906E991} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92- 9632-04BAF906E991} - (no file) (HKCU) O15 - Trusted Zone: *.bestcounter.biz O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted I Odpowiedz Link Zgłoś
Gość: barracuda7110 Re: Jeszcze raz... coś chyba nie wyszło IP: *.dsl.telepac.pt 06.06.05, 19:29 Doklej tylko brakującą część. Odpowiedz Link Zgłoś
Gość: barracuda7110 Re: Jeszcze raz... coś chyba nie wyszło IP: *.dsl.telepac.pt 06.06.05, 19:34 To leci: > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = > 195.95.218.172/index.php > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = > szukaj.wp.pl > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = > 195.95.218.172/index.php > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = > 195.95.218.172/index.php > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = > 195.95.218.172/index.php > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = > 195.95.218.172/index.php > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = > 195.95.218.172/index.php > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe Kolobos podawał na forum sposób usunięcia nail.exe > O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe > O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe > O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe > O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe > O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe O15 - Trusted Zone: *.bestcounter.biz O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted I Później zainstaluj poprawki do windowsa, firewalla, antywirusa, alternatywną przeglądarkę i nową wersję javy. ps nie wiem czy wszystko wyłapałem. Strasznie dużo śmieci masz w logu. Odpowiedz Link Zgłoś
Gość: AGA Re: Jeszcze raz... coś chyba nie wyszło IP: *.neoplus.adsl.tpnet.pl 06.06.05, 19:49 Sorki że zawracam głowę... ale co mam wkleic... to było wszystko co miałam w tym pliku... a może jednak nie?.... i co dalej... ratunku.... Aga gg 4506686 PS mam antywira; nortona, ad-aware... czy to za mało??? Odpowiedz Link Zgłoś
Gość: Aga ech.. prosze tamte usunąć. TO teraz chyba wszystko IP: *.neoplus.adsl.tpnet.pl 06.06.05, 19:54 Logfile of HijackThis v1.99.1 Scan saved at 18:40:31, on 2005-06-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe E:\Program Files\InCD\InCD.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\newdial1.exe E:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\paytime.exe C:\WINDOWS\System32\l?gonui.exe C:\WINDOWS\System32\newdial1.exe C:\bsw.exe E:\PROGRA~1\INCRED~1\bin\IMApp.exe c:\windows\system32\qusrktz.exe C:\WINDOWS\System32\newdial1.exe C:\WINDOWS\System32\newdial1.exe C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32 \nsl4E.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06 \bin\jusched.exe O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29- 0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632- 04BAF906E991} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92- 9632-04BAF906E991} - (no file) (HKCU) O15 - Trusted Zone: *.bestcounter.biz O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted I Odpowiedz Link Zgłoś
Gość: Kolobos Re: ech.. prosze tamte usunąć. TO teraz chyba wsz IP: *.warszawa.sdi.tpnet.pl 06.06.05, 20:12 Zrob to co napisalem w innym poscie w tym watku, a log z hijackthis sie nie miesci caly w jednym poscie bo jest ograniczenie ilosci wierszy/znakow na gazecie i musisz dokleic brakujacy koniec w drugim poscie ;-) Ale najpierw zrob to co napisalem tutaj: forum.gazeta.pl/forum/72,2.html?f=430&w=24837187&a=24845456 Odpowiedz Link Zgłoś
Gość: Kolobos Re: Jeszcze raz... coś chyba nie wyszło IP: *.warszawa.sdi.tpnet.pl 06.06.05, 19:45 Opis usuwania tepety jest tutaj: www.searchengines.pl/phpbb203/index.php?showtopic=31936 Przeskanuj sobie system tym: download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe I usun to co znajdzie. Zamknij porty tym: www.firewallleaktester.com/tools/wwdc.exe Jak juz to zrobisz to wklej nowy log z hijackthis. Odpowiedz Link Zgłoś