Prosze o sprawdzenie Loga.Dziekuje


(Haha) #1

Witam.Prosze o sprawdzenie loga.. gdy norton mi przeskanował dyski nie umiał usunąć takich plików jak:

Źródło: C:\Program Files\NewDotNet\uninstall7_14.exe

Opis: Plik C:\Program Files\NewDotNet\uninstall7_14.exe to zagrożenie Adware.

Źródło: C:\WINDOWS\NDNuninstall6_98.exe

Opis: Plik C:\WINDOWS\NDNuninstall6_98.exe to zagrożenie Adware.

Źródło: C:\Program Files\NewDotNet\newdotnet7_14.dll

Opis: Plik C:\Program Files\NewDotNet\newdotnet7_14.dll to zagrożenie Adware.

Źródło: C:\WINDOWS\NDNuninstall7_14.exe

Opis: Plik C:\WINDOWS\NDNuninstall7_14.exe to zagrożenie Adware.

Źródło: C:\WINDOWS\system32\rlvknlg.exe

Opis: Plik C:\WINDOWS\system32\rlvknlg.exe to zagrożenie Spyware.

Źródło: C:\WINDOWS\system32\rk.bin

Opis: Plik C:\WINDOWS\system32\rk.bin to zagrożenie Spyware.

Źródło: C:\WINDOWS\system32\rlls.dll

Opis: Plik C:\WINDOWS\system32\rlls.dll to zagrożenie Spyware.

daje Loga:

Logfile of HijackThis v1.99.1 

Scan saved at 18:53:07, on 2006-01-27 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\Explorer.EXE 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 

C:\WINDOWS\system32\spoolsv.exe 

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe 

C:\Program Files\Common Files\Symantec Shared\ccApp.exe 

C:\WINDOWS\system32\rundll32.exe 

C:\windows\system32\rlvknlg.exe 

C:\WINDOWS\system32\ctfmon.exe 

C:\WINDOWS\system32\RUNDLL32.EXE 

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe 

C:\Program Files\Zone Labs\ZoneAlarm\zapro.GID 

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe 

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe 

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE 

C:\WINDOWS\System32\nvsvc32.exe 

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE 

C:\WINDOWS\System32\svchost.exe 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 

C:\WINDOWS\system32\ZoneLabs\vsmon.exe 

C:\Program Files\DC++\DCPlusPlus.exe 

C:\Program Files\Gadu-Gadu\gg.exe 

C:\Program Files\WinRAR\WinRAR.exe 

C:\DOCUME~1\Jacek\USTAWI~1\Temp\Rar$EX00.078\HijackThis.exe 

C:\Program Files\Messenger\msmsgs.exe 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file) 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx 

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll 

O2 - BHO: (no name) - {D571BB31-16A6-4BD0-A322-4A62DF8A6368} - (no file) 

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll 

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer 

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 

O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot 

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit 

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray 

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz 

O4 - Global Startup: BTTray.lnk = ? 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE 

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe 

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm 

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm 

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm 

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm 

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O15 - Trusted Zone: http://skaner.mks.com.pl 

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab 

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab 

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstFred.ocx 

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129033870625 

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcDcToday.ocx 

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab 

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstBanr.ocx 

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab 

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab 

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcPreview.ocx 

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab 

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab 

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe 

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe 

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE 

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe 

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe 

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe 

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(Gutek) #2

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku plik i folder, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

Usun rowniez ten pliki nie usuniete przez Nortona

Odpal LSP-Fix zaznacz "I know what I'm doing" następnie w okienku Keep zaznacz plik newdotnet7_14.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish


(Kuz5) #3

Log wyglada ok