Problem......
witam
mam problem tego typu iz po zamknieciu przegladarki internetowej wyskakuje cos takiego:
Acrobal IEHelper: iexplorer.exe – Bład aplikacji
Instrukcja spod "0x01aa3795" odwoluje sie do pamieci pod adresem "0x013af238". Pamiec nie moze byc "read"
Prosze o pomoc co to jest i jak sie tego pozbyc, tytaj jeszcze podaje logi z hijacka
Logfile of HijackThis v1.99.1
Scan saved at 11:50, on 2006–03–27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\PROemule\PROemule.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Bec\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 – HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [EService] C:\Program Files\Common Files\System\EService\svchost.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – SolidConverterPDF – (no file) (HKCU)
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7F3A5D23–0ACB–41B3–A868–9196F56B3153}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) – Unknown owner – C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
mam problem tego typu iz po zamknieciu przegladarki internetowej wyskakuje cos takiego:
Acrobal IEHelper: iexplorer.exe – Bład aplikacji
Instrukcja spod "0x01aa3795" odwoluje sie do pamieci pod adresem "0x013af238". Pamiec nie moze byc "read"
Prosze o pomoc co to jest i jak sie tego pozbyc, tytaj jeszcze podaje logi z hijacka
Logfile of HijackThis v1.99.1
Scan saved at 11:50, on 2006–03–27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\PROemule\PROemule.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Bec\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 – HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [EService] C:\Program Files\Common Files\System\EService\svchost.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – SolidConverterPDF – (no file) (HKCU)
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7F3A5D23–0ACB–41B3–A868–9196F56B3153}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) – Unknown owner – C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
Odpowiedzi: 4
Na razie moźesz tą kontrolkę wyłączyć w IE. Sugerowałbym spróbować przeinstalować Acrobata.
usunalem to i nic.
zastanawiajace jest to ze wyskakuje to tylko po tym jak cos wpisuje do wyszukiwarki, lub cos szukam na allegro i tylko pok explorerem.
pod opera jest wszystko ok.
co to teraz moze byc?
zastanawiajace jest to ze wyskakuje to tylko po tym jak cos wpisuje do wyszukiwarki, lub cos szukam na allegro i tylko pok explorerem.
pod opera jest wszystko ok.
co to teraz moze byc?
Nie licząc kupy niepotrzebnego badziewia od Realteka jeden wpis mnie zaciekawił:
Wiesz co to jest? Jeśli podszywa się pod svchosta to z reguły nic dobrego.
O4 – HKCU\..\Run: [EService] C:\Program Files\Common Files\System\EService\svchost.exe
Wiesz co to jest? Jeśli podszywa się pod svchosta to z reguły nic dobrego.
trojany usunalem avastem
pamiec ok
a to nadal sie pojawia.
podpowiedzcie co zrobic
pamiec ok
a to nadal sie pojawia.
podpowiedzcie co zrobic
Strona 1 / 1