Is everything OK with my computer? Edited now - log corrected

My machine has been acting up lately and is terribly slow; could someone check the log? (I hope I'm posting what's needed :))
And in the attachment there's a problem with svchost... there's too much of it on my machine...

Logfile of HijackThis v1.99.1
Scan saved at 16:17:08, on 2005-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\netPanel\NetPanel.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Kasia\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\netPanel\IEHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [netPanel] "C:\Program Files\netPanel\Starter.exe" /path="C:\Program Files\netPanel"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110405280017
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Replies: 3

Turn off System Restore
Uninstall New.Net
Delete the bolded files/directories from disk, then tick the entries and FIX:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
This is supposedly from Real, but it can be removed anyway

O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - Startup: Reboot.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net


Good thing you reminded me, because somehow I hadn't noticed that the post had been edited.
Bobi
Added
25.07.2005 11:24:22
I'd like to repeat my request to have the log checked... I'm waiting and waiting... not that I'm in such a terrible hurry, but I've had it with this sluggish computer of mine!!! :evil:
Big thx in advance!!!
Vil
Added
25.07.2005 02:07:00
First, that's Silent Runners; HijackThis is the better solution, and afterwards Silent if needed. Second, the log isn't finished; you have to wait until the script signals that it's done. Third, the nasty NewDotNet is visible at first glance.
That's for a start

BTW, decide which thread you're continuing in; one of them will get locked.
Bobi
Added
22.07.2005 16:51:52
Vil
Added:
22.07.2005 14:09:39
Comments:
3