Problem z przegladarka IE?


(Przemek89k) #1

Witam mam taki problem od pewnego czasu, to znaczy od kilku dni mam taki problem przy kazdym otwarciu nowego okna przegladarki Internet Explorer ... uruchamia mi sie plik Iexplore.exe - widoczny jest jak daje ctr+alt+del... wiec gdy uruchomie przypuscmy 10 przegladarek IE - by wyswietlic na kazdej inna strone to tych pliczkow jest uruchomionych 10 ... pozatym jak zamkne okna przegladarki to te pliki zostaja i tak wkolko wkoncu sie ich robi 50 - w przypadku 50 otwarc przegladarki !!


(123448) #2

wklej log z Hijack this, może tam leży przyczyna


(boczi) #3

IE taki jest, że są z nim problemy :smiley:

http://www.hijackthis.prv.pl - zapoznaj się i wklej loga

http://www.browsehappy.pl


(Przemek89k) #4

Zatem zamieszczam tutaj loga ... kilka plikow juz usunalem ale ten problem wraca tzn. musze powiedziec ze ten wirus SE.dll takze wraca instaluje sie do tempa ...

Logfile of HijackThis v1.99.1

Scan saved at 15:32:07, on 05-02-19

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\MIXER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

C:\WINDOWS\EXPLORER.EXE

C:\DOWNLOADS\HIJACKTHIS_199\HIJACKTHIS.EXE


O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: http://linktrader.cyberspacehq.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 69.50.161.82

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/adh1_sexarea.exe

(Qbek50) #5

do kasacji:

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: http://linktrader.cyberspacehq.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 69.50.161.82

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)


(boczi) #6

Zrób to w trybie awaryjnym: [F8]

Usuwasz:

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: http://linktrader.cyberspacehq.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 69.50.161.82

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/adh1_sexarea.exe

Potem daj na nowo loga.


(Musg) #7

jesli to usuniesz -to jestes bez netu

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

Naprawic naprawic a nie usunac :slight_smile:


(Damian) #8

To usuwa się programem LSP-fix


(boczi) #9

Dlatego musisz to usunąć, ale specjalnym narzędziem Lsp-Fix