C:secury32.html

[Gość: Zielony]

Jestem zielony z naprawy komp. Mam proble. Jak wlaczam IE pojawia sie napis
file:///c:/secure32.html Co mam zrobic by komp działał poprawnie. Podaje log
z Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 14:41:46, on 2006-01-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AVPersonal\AVGUARD.EXE
F:\Program Files\AVPersonal\AVWUPSRV.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\dllhost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Winamp\winampa.exe
F:\WINDOWS\Mixer.exe
F:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
F:\Program Files\AVPersonal\AVGNT.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\System32\paytime.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Gadu-Gadu\gg.exe
F:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\DOCUME~1\bmc\USTAWI~1\Temp\Rar$EX00.469\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_05
\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "F:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] F:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Shell] "F:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00001.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = F:\Program
Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - F:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: F:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
components.viewpoint.com/MTSInstallers/MetaStream3.cab?
url=www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?
1&4&04.00.07.02&unknown&unknown&www.bcgis.com.pl/ww.html
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{89879426-DB34-4778-8746-
E4878C8223A1}: NameServer = 192.168.1.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
F:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
F:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

Pomocy

[barracuda7110]

tinyurl.com/dldzq

[barracuda7110]

www.windowsupdate.com; zmiana przeglądarki na alternatywną; instalacja firewalla
i antywirusa.

[Gość: Zielony]

Dziekuje ale nie poskutkowalo a na stronie ktora podales/as jako pierwsza nie
ma nikc o moim problemie Pomocy

[Gość: k]

W menadzerze zadan zakoncz:
F:\WINDOWS\System32\paytime.exe

W hijackthis usun:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html <- usun plik
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\System32\paytime.exe <- usun plik
O4 - HKCU\..\Run: [Shell] "F:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00001.exe" <- usun plik
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - F:\WINDOWS\web\related.htm

Skan tym:
ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem,
po przeskanowaniu odinstaluj.
download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
przeskanowaniu odinstaluj.
Zamknij porty w wwdc:
www.firewallleaktester.com/tools/wwdc.exe
Zmien przegladarke na Opere lub Firefox i nie uzywaj IE.

ratunku

[Gość: evcik1]

ratunku ludzie !!! ja mam cos takiego i kompletnie nie wiem co z tym zrobic -
zaznaczam za jestem zielona jesli chodzi o te sprawy. plisss mozek tos bedzie
na tyle dobry zeby mi pomoc


Logfile of HijackThis v1.99.1
Scan saved at 19:06:44, on 29-01-2006
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\SONY ERICSSON\WIRELESS MANAGER\GCXXMANAGER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINSTALL.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless
Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
\ashServ.exe
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O4 - Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80
\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: skaner.mks.com.pl
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/d013/mailcfg.ocx
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
67.15.101.3/g_bin/pl/cards_2_0_0_64.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_23.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) -
67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
www.akty.pl/www/oral.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) -
static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab

[barracuda7110]

1. windowsy 95, 98, 98 SE, Millenium nie nadają się do kompów, do których jest
podłączony net.

To tniesz:
> C:\WINDOWS\SYSTEM\PAYTIME.EXE
> C:\WINSTALL.EXE
Usuń pliki winstall.exe i paytime.exe

> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> c:\secure32.html
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> c:\secure32.html
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> c:\secure32.html
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> c:\secure32.html
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> c:\secure32.html
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
> c:\secure32.html
Usuń plik secure32.html

> O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
> O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
Usuń plik ibm00001.exe

Nie wiem czy nie będzie trzeba pozakańczać w menedżerze zadań powyższych procesów.

Jeżeli masz w miarę mocną maszynę to zmień system. Ewentualnie zainstaluj
firewalla, i alternatywną przeglądarkę.