You Computer Might Be At Risk

[r0bu$]

raz na dwie godziny a czasmi nawet czesciej pracy z komputerem i internetem pokazuje mi sie balonik z pismem You computer might be at risk ... reszte zobaczcie na scrimie !!:(

 

 

pokazuje mi sie tak po dwuch godzinach a potym baloniku pokazuje mi sie druga tabelka ktora zobaczycie na screenie 1 :( i jest do wyboru yes i No

 

 

mam Kerio Personal Firewall , SP2 [w czym FW jest wyłączony] wiec to nie ejst windowsoski FW bo by nie byl angielski mysle ze ejste to jakis SPY czy co jakis robak moze wirus skanowalem adawarem spybot avastem i nie usunelo tego nawet nie znalazlo :( pomozcie co mam robic :( :(:( POMOCY

Edytowane 13 Września 2005 przez r0bu$

[alcapone]

Start -> Panel Sterowania -> Centrum Zabezpieczen -> Ostatnia pozycja po Lewej (Zmien sposob informowania mnie przez Centrum Zabezpieczen)

 

odchacz wszystko

[Kolobos]

Wklej log (zawartosc pliku txy) z hijackthis, a sam hijackthis znajdziesz na google.

[r0bu$]

to jest moj log z WINDOWS 98

 

Logfile of HijackThis v1.99.1Scan saved at 16:56:25, on 05-09-14Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\RACONFIG.EXEC:\WINDOWS\SYSTEM\RNAAPP.EXEC:\WINDOWS\SYSTEM\TAPISRV.EXEC:\WINDOWS\REGEDIT.EXEC:\WINDOWS\REGEDIT.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\WINDOWS\PULPIT\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2594R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=2594R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=2594R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Właśnie siedzisz sobie w necie u ..::rObjoz'a::.. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\SYSTEM\HLWIN.DLL  (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLLO2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLLO2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKCU\..\Run: [Gadu-Gadu] "F:\GADU-GADU\GG.EXE" /trayO4 - Startup: RaConfig.lnk = C:\WINDOWS\SYSTEM\RaConfig.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = khjkO17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 194.204.159.1O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.161.131,85.255.112.14

[r0bu$]

A to moj z XP [ mam prboelmy na dwoch systemach lecz ten balonik jest na XP ] powiedzcie co mam usunac jak usunac czym itd

 

Logfile of HijackThis v1.99.1Scan saved at 16:59:57, on 2005-09-14Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\csrss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\system32\spoolsv.exeD:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exeD:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exeD:\WINDOWS\System32\alg.exeF:\Gadu-Gadu\gg.exeD:\WINDOWS\system32\RaConfig.exeD:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exeC:\WINDOWS\Pulpit\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = właśnie siedzisz sobie w necie u .::r0bjoz'a::.R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO1 - Hosts: localhost 127.0.0.1O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\Program Files\iMesh\iMesh5\iMeshBHO.dllO2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLLO2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dllO3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLLO4 - HKLM\..\RunServices: [RegisterDropHandler] D:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exeO4 - HKCU\..\Run: [Gadu-Gadu] "F:\Gadu-Gadu\gg.exe" /trayO4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exeO8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FLASHGET\jc_all.htmO8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FLASHGET\jc_link.htmO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{695EC3E2-030A-41A7-AC37-157D6BE6D40E}: NameServer = 69.50.161.131,85.255.112.14O17 - HKLM\System\CS1\Services\Tcpip\..\{695EC3E2-030A-41A7-AC37-157D6BE6D40E}: NameServer = 69.50.161.131,85.255.112.14O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

[tata1959]

witam

tak...log nr 1,do wywalenia:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2594

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=2594

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=2594

 

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\SYSTEM\HLWIN.DLL  (file missing)

 

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.161.131,85.255.112.14

log nr 2,do wywalenia :

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\Program Files\iMesh\iMesh5\iMeshBHO.dll

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

 

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{695EC3E2-030A-41A7-AC37-157D6BE6D40E}: NameServer = 69.50.161.131,85.255.112.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{695EC3E2-030A-41A7-AC37-157D6BE6D40E}: NameServer = 69.50.161.131,85.255.112.14

hm....017 to twoje DNS-y ....no co ty z Ukrainy jesteś :lol2:

 

pozdrawiam

 

.