Tapeta nie do usunięcia (SPYWARE??)

06.06.05, 16:22
Tapetka której nie da sie zmienic. Kiedys na forum byl poruszany ten temat
ale nie moge znaleźć linku.

www.republika.pl/gandalfwww
tak wlasnie wyglada ta tapetka :(

help please
    • bydgosc Re: Tapeta nie do usunięcia (SPYWARE??) 06.06.05, 16:37
      ja bym proponowal przesiasc sie na Linuxa - kto wie co jeszcze zlapiesz.... a tak powanie to wyglada
      fajnie, ja bym zostawil
      • Gość: aga Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.neoplus.adsl.tpnet.pl 06.06.05, 17:59
        Własnie mam to samo :( Czy tu pomoże tylko format?????
        Czyżby nikt napraaawde nie mógł nam pomóc????
        • Gość: barracuda7110 Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.dsl.telepac.pt 06.06.05, 18:10
          mgregor.republika.pl/
          • bydgosc Re: Tapeta nie do usunięcia (SPYWARE??) 06.06.05, 18:18
            ladne na tej stronie... ale mozna inaczej...

            1. bierzesz plyte instalacyjna Linux'a ....

            .
            .
            .
            .
            .
            7. Jestes szczesliwy(a)
            • Gość: Aga do bygdosc IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:28
              Dzięki za radę... no cóż nie każdy jest informatykiem żeby sobie poradzić w
              taki sposób jaki go przedstawiasz... Komputer to dla mnie (na razie ) maszyna
              do pisania i komunikator ;)
              Pozdrawiam..
              • bydgosc Re: do bygdosc 07.06.05, 12:30
                nic osobistego.... po prostu tez mialem problemy z Win i sie przesiadlem
    • Gość: A Re: Tapeta nie do usunięcia (SPYWARE??) IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:30
      Logfile of HijackThis v1.99.1
      Scan saved at 18:21:15, on 2005-06-06
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      E:\Program Files\InCD\InCD.exe
      C:\WINDOWS\System32\paytime.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\WINDOWS\System32\newdial1.exe
      E:\Program Files\Gadu-Gadu\gg.exe
      C:\WINDOWS\System32\paytime.exe
      C:\WINDOWS\System32\l?gonui.exe
      C:\WINDOWS\System32\newdial1.exe
      C:\bsw.exe
      E:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\windows\system32\qusrktz.exe
      C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe
      C:\WINDOWS\System32\newdial1.exe
      C:\WINDOWS\System32\newdial1.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      szukaj.wp.pl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no
      file)
      R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
      file)
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
      C:\WINDOWS\System32\vbrundll.dll
      O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
      C:\WINDOWS\SYSTEM\Loader.dll
      O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} -
      c:\windows\system\BHOmod.dll
      O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
      \nsl4E.dll
      O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
      E:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
      Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
      Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
      \bin\jusched.exe
      O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
      Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
      O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
      iGuard.exe
      O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
      O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
      O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
      \NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe
      O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe
      O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
      E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &Search -
      bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL
      O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program
      Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
      E:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
      E:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
      0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632-
      04BAF906E991} - (no file) (HKCU)
      O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-
      9632-04BAF906E991} - (no file) (HKCU)
      O15 - Trusted Zone: *.bestcounter.biz
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.slotchbar.com
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.ysbweb.com
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - T
      • Gość: Aga Jeszcze raz... coś chyba nie wyszło IP: *.neoplus.adsl.tpnet.pl 06.06.05, 18:44
        Logfile of HijackThis v1.99.1
        Scan saved at 18:40:31, on 2005-06-06
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        E:\Program Files\InCD\InCD.exe
        C:\WINDOWS\System32\paytime.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\WINDOWS\System32\RUNDLL32.EXE
        C:\WINDOWS\System32\newdial1.exe
        E:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\System32\paytime.exe
        C:\WINDOWS\System32\l?gonui.exe
        C:\WINDOWS\System32\newdial1.exe
        C:\bsw.exe
        E:\PROGRA~1\INCRED~1\bin\IMApp.exe
        c:\windows\system32\qusrktz.exe
        C:\WINDOWS\System32\newdial1.exe
        C:\WINDOWS\System32\newdial1.exe
        C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no
        file)
        R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
        file)
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
        C:\WINDOWS\System32\vbrundll.dll
        O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
        C:\WINDOWS\SYSTEM\Loader.dll
        O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} -
        c:\windows\system\BHOmod.dll
        O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
        \nsl4E.dll
        O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
        E:\PROGRA~1\FlashGet\fgiebar.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
        Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
        Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
        \bin\jusched.exe
        O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
        O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
        O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
        iGuard.exe
        O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
        O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
        O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NVMCTRAY.DLL,NvTaskbarInit
        O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
        O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe
        O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe
        O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
        E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O8 - Extra context menu item: &Search -
        bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL
        O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program
        Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
        E:\Program Files\FlashGet\jc_all.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        E:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632-
        04BAF906E991} - (no file) (HKCU)
        O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-
        9632-04BAF906E991} - (no file) (HKCU)
        O15 - Trusted Zone: *.bestcounter.biz
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted I
        • Gość: barracuda7110 Re: Jeszcze raz... coś chyba nie wyszło IP: *.dsl.telepac.pt 06.06.05, 19:29
          Doklej tylko brakującą część.
        • Gość: barracuda7110 Re: Jeszcze raz... coś chyba nie wyszło IP: *.dsl.telepac.pt 06.06.05, 19:34
          To leci:
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 195.95.218.172/index.php
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          > szukaj.wp.pl
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 195.95.218.172/index.php
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 195.95.218.172/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 195.95.218.172/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 195.95.218.172/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 195.95.218.172/index.php
          > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          Kolobos podawał na forum sposób usunięcia nail.exe
          > O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
          > O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          > O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe
          > O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe
          > O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
          O15 - Trusted Zone: *.bestcounter.biz
          O15 - Trusted Zone: *.clickspring.net
          O15 - Trusted Zone: *.mt-download.com
          O15 - Trusted Zone: *.my-internet.info
          O15 - Trusted Zone: *.searchmiracle.com
          O15 - Trusted Zone: *.skoobidoo.com
          O15 - Trusted Zone: *.slotchbar.com
          O15 - Trusted Zone: *.windupdates.com
          O15 - Trusted Zone: *.ysbweb.com
          O15 - Trusted Zone: *.clickspring.net (HKLM)
          O15 - Trusted Zone: *.mt-download.com (HKLM)
          O15 - Trusted Zone: *.my-internet.info (HKLM)
          O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.windupdates.com (HKLM)
          O15 - Trusted Zone: *.ysbweb.com (HKLM)
          O15 - Trusted I


          Później zainstaluj poprawki do windowsa, firewalla, antywirusa, alternatywną
          przeglądarkę i nową wersję javy.

          ps nie wiem czy wszystko wyłapałem. Strasznie dużo śmieci masz w logu.
          • Gość: AGA Re: Jeszcze raz... coś chyba nie wyszło IP: *.neoplus.adsl.tpnet.pl 06.06.05, 19:49
            Sorki że zawracam głowę... ale co mam wkleic... to było wszystko co miałam w
            tym pliku... a może jednak nie?....
            i co dalej... ratunku....
            Aga gg 4506686

            PS mam antywira; nortona, ad-aware... czy to za mało???
            • Gość: Aga ech.. prosze tamte usunąć. TO teraz chyba wszystko IP: *.neoplus.adsl.tpnet.pl 06.06.05, 19:54
              Logfile of HijackThis v1.99.1
              Scan saved at 18:40:31, on 2005-06-06
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Norton AntiVirus\navapsvc.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\PROGRA~1\NEOSTR~1\CnxMon.exe
              C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
              C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
              E:\Program Files\InCD\InCD.exe
              C:\WINDOWS\System32\paytime.exe
              C:\WINDOWS\System32\ctfmon.exe
              C:\WINDOWS\System32\RUNDLL32.EXE
              C:\WINDOWS\System32\newdial1.exe
              E:\Program Files\Gadu-Gadu\gg.exe
              C:\WINDOWS\System32\paytime.exe
              C:\WINDOWS\System32\l?gonui.exe
              C:\WINDOWS\System32\newdial1.exe
              C:\bsw.exe
              E:\PROGRA~1\INCRED~1\bin\IMApp.exe
              c:\windows\system32\qusrktz.exe
              C:\WINDOWS\System32\newdial1.exe
              C:\WINDOWS\System32\newdial1.exe
              C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              195.95.218.172/index.php
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              szukaj.wp.pl
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              195.95.218.172/index.php
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              195.95.218.172/index.php
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              195.95.218.172/index.php
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              195.95.218.172/index.php
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              195.95.218.172/index.php
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no
              file)
              R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
              file)
              F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
              C:\WINDOWS\System32\vbrundll.dll
              O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
              C:\WINDOWS\SYSTEM\Loader.dll
              O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} -
              c:\windows\system\BHOmod.dll
              O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
              \nsl4E.dll
              O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
              O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
              Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
              C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
              C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
              E:\PROGRA~1\FlashGet\fgiebar.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
              \NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
              Shared\ccApp.exe"
              O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
              Shared\ccRegVfy.exe"
              O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
              O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
              Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
              O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
              O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
              \bin\jusched.exe
              O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
              Shared\Security Center\UsrPrmpt.exe
              O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
              O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
              O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
              O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
              iGuard.exe
              O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
              O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
              O4 - HKLM\..\Run: [nzslfvm] c:\windows\system32\qusrktz.exe
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
              \NVMCTRAY.DLL,NvTaskbarInit
              O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
              O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
              O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
              O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
              O4 - HKCU\..\Run: [Acun] C:\Program Files\peos\ldor.exe
              O4 - HKCU\..\Run: [Ize] C:\WINDOWS\System32\l?gonui.exe
              O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office\OSA9.EXE
              O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
              E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
              O8 - Extra context menu item: &Search -
              bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL
              O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program
              Files\FlashGet\jc_link.htm
              O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
              E:\Program Files\FlashGet\jc_all.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
              00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
              O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
              E:\PROGRA~1\FlashGet\flashget.exe
              O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
              0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
              O9 - Extra button: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-9632-
              04BAF906E991} - (no file) (HKCU)
              O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4D257333-2F44-4F92-
              9632-04BAF906E991} - (no file) (HKCU)
              O15 - Trusted Zone: *.bestcounter.biz
              O15 - Trusted Zone: *.clickspring.net
              O15 - Trusted Zone: *.mt-download.com
              O15 - Trusted Zone: *.my-internet.info
              O15 - Trusted Zone: *.searchmiracle.com
              O15 - Trusted Zone: *.skoobidoo.com
              O15 - Trusted Zone: *.slotchbar.com
              O15 - Trusted Zone: *.windupdates.com
              O15 - Trusted Zone: *.ysbweb.com
              O15 - Trusted Zone: *.clickspring.net (HKLM)
              O15 - Trusted Zone: *.mt-download.com (HKLM)
              O15 - Trusted Zone: *.my-internet.info (HKLM)
              O15 - Trusted Zone: *.searchmiracle.com (HKLM)
              O15 - Trusted Zone: *.skoobidoo.com (HKLM)
              O15 - Trusted Zone: *.slotchbar.com (HKLM)
              O15 - Trusted Zone: *.windupdates.com (HKLM)
              O15 - Trusted Zone: *.ysbweb.com (HKLM)
              O15 - Trusted I
              • Gość: Kolobos Re: ech.. prosze tamte usunąć. TO teraz chyba wsz IP: *.warszawa.sdi.tpnet.pl 06.06.05, 20:12
                Zrob to co napisalem w innym poscie w tym watku, a log z hijackthis sie nie
                miesci caly w jednym poscie bo jest ograniczenie ilosci wierszy/znakow na
                gazecie i musisz dokleic brakujacy koniec w drugim poscie ;-)
                Ale najpierw zrob to co napisalem tutaj:
                forum.gazeta.pl/forum/72,2.html?f=430&w=24837187&a=24845456
        • Gość: Kolobos Re: Jeszcze raz... coś chyba nie wyszło IP: *.warszawa.sdi.tpnet.pl 06.06.05, 19:45
          Opis usuwania tepety jest tutaj:
          www.searchengines.pl/phpbb203/index.php?showtopic=31936

          Przeskanuj sobie system tym:
          download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

          I usun to co znajdzie.

          Zamknij porty tym:
          www.firewallleaktester.com/tools/wwdc.exe
          Jak juz to zrobisz to wklej nowy log z hijackthis.
Pełna wersja