Brak aktualizacji definicji wirusów
Coś się dzieje z komputerem bo po włączeniu systemu wyświetla się komunikat źe komp.jest źle chroniony,brak aktualnej bazy wirusów.Mam winXP prof.Norton AntiVirus.Po uruchomieniu LiveUpdate okazuje się źe baza wirusów aktualna.Sprawdziłem system progr Ad–Avare oraz Spybot–Search,ostatnie skanowanie systemu Nortonem wczoraj i nic nie znalazłem.
proszę o sprawdzenie log
Logfile of HijackThis v1.99.1
Scan saved at 18:57:52, on 2005–09–19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\crauto.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\drivers\IMountSRV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sp2fzw\Pulpit\Naprawa\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/showcat.php?id=5061&order=t&view=gtext
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:\Pliki naprawcze\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar4.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar4.dll
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107908481889
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: crauto – Unknown owner – C:\WINDOWS\System32\drivers\crauto.exe
O23 – Service: Diskeeper – Executive Software International, Inc. – C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 – Service: IMountSRV – Unknown owner – C:\WINDOWS\System32\drivers\IMountSRV.exe
O23 – Service: InCD Helper (InCDsrv) – Nero AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: PMounter – Unknown owner – C:\WINDOWS\system32\PMounter.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
proszę o sprawdzenie log
Logfile of HijackThis v1.99.1
Scan saved at 18:57:52, on 2005–09–19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\crauto.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\drivers\IMountSRV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sp2fzw\Pulpit\Naprawa\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/showcat.php?id=5061&order=t&view=gtext
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:\Pliki naprawcze\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar4.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar4.dll
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107908481889
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: crauto – Unknown owner – C:\WINDOWS\System32\drivers\crauto.exe
O23 – Service: Diskeeper – Executive Software International, Inc. – C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 – Service: IMountSRV – Unknown owner – C:\WINDOWS\System32\drivers\IMountSRV.exe
O23 – Service: InCD Helper (InCDsrv) – Nero AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: PMounter – Unknown owner – C:\WINDOWS\system32\PMounter.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Odpowiedzi: 4
Prosze bardzo.
Wszystko ok.Dzięki EL NINO –pozdrawiam
Co napisalem w poscie do ktorego dostales link ? Uzyc www.google.comhenry:
Nie wiem co zrobić z:
...
crauto.exe i IMountSRV.exe sa z Paragon Software, czyli nic groznego.
Wykonaj ponownie log i porownaj do pierwszego, poddaj znowu analizie na stronce. Zobaczysz czy cos przypadkiem nie wraca.
Masz NewDotNeta –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Strona 1 / 1