Log do sprawdzenia

Dla specjalistów Bezpieczeństwo
#1

komputer troche zwolnil

Logfile of HijackThis v1.99.1

Scan saved at 16:46:04, on 2006-02-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\rundll32.exe

e:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

e:\Program Files\Alwil Software\Avast4\ashWebSv.exe

e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe

E:\Program Files\BearShare\BearShare.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Tomasz\Pulpit\hijackt9his\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll

O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - e:\Program Files\IrfanView\Ebay\Ebay.htm

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E98A69-0A83-464A-8E07-DC142473D6ED}: NameServer = 192.168.3.1,193.193.75.1

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

wiem ze to jest zle:

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM…\Run: [TkBellExe] "C:\Program Files\Common

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

ale jak to zmazac bo powraca ,moze potrzeba jakis program?

#2

w trybie awaryjnym usun wpisy a folder recznie usuń

Odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik newdotnet7_22.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish

#3

ten wpis tez jest lewy?

O4 - HKLM…\Run: [TkBellExe] "C:\Program Files\Common

dlaczego trzeba z trybu awaryjnego a jak zmaze normalnie to co sie stanie ? POwruci?

#4

Nie usuniesz w trybie tzw. normalnym :wink:

od Realteka wpis jest ok :wink: