sukuwuzudu, posted 13 September 2008

Hello, I have a problem: a balloon keeps popping up on the taskbar saying "you have a security probem" and I don't know how to get rid of it. In HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:39, on 2008-09-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Dane aplikacji\febcbohq\rwbcbgtq.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\cssrss.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\video1018.cfg.exe
C:\WINDOWS\system32\huvwtgjm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O3 - Toolbar: (no name) - {F0993251-2512-4710-AF6E-0A13EA199D02} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKCU\..\Run: [admdsc] C:\WINDOWS\system32\huvwtgjm.exe
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\video1018.cfg.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [iJf6yNojB4] C:\Documents and Settings\All Users\Dane aplikacji\febcbohq\rwbcbgtq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to AMV Converter... - E:\MP4\MP4 Covernenter\AMVConverter\grab.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - E:\MP4\MP4 Covernenter\MediaManager\grab.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{33307AFB-9F4A-41FE-90A4-9BD321C78838}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/WACICI~1/USTAWI~1/Temp/msohtml1/01/clip_image001.jpg
--
End of file - 8308 bytes

What should I do?? Please help.

Psycholandia, comment, 13 September 2008

C:\Documents and Settings\All Users\Dane aplikacji\febcbohq\rwbcbgtq.exe
C:\WINDOWS\system32\cssrss.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\video1018.cfg.exe
C:\WINDOWS\system32\huvwtgjm.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\c.exe
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O3 - Toolbar: (no name) - {F0993251-2512-4710-AF6E-0A13EA199D02} - (no file)
O4 - HKCU\..\Run: [admdsc] C:\WINDOWS\system32\huvwtgjm.exe
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\video1018.cfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [iJf6yNojB4] C:\Documents and Settings\All Users\Dane aplikacji\febcbohq\rwbcbgtq.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/WACICI~1/USTAWI~1/Temp/msohtml1/01/clip_image001.jpg

Select these and Fix.

sukuwuzudu (author), comment, 14 September 2008

Thanks a lot, it's gone now (and may it never come back). Thanks again.

Mateusz J., comment, 14 September 2008

Malicious DNS servers are visible, which can slow down the internet connection:

O17 - HKLM\System\CCS\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{33307AFB-9F4A-41FE-90A4-9BD321C78838}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{01A94E11-863A-41CB-ABCC-4AB3D3FC185A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - (no file)

Fix these entries.

Quoting sukuwuzudu: "Thanks a lot, it's gone now (and may it never come back). Thanks again."

Show the ComboFix log; you certainly did not remove everything that way.