NewDotNet
I was removing the VBS:Redlof virus from WinMe and also deleted the files from the NewDotNet folder on partition D, where I have Win XP. Now when WinXP starts I get the message: "an error occurred while loading D:/program Files/NewDotNet 1/NewDotNet 3dll." and then it is as if my internet were blocked: I appear to be connected, but I cannot open pages or download data. :?
Replies: 5
End these processes in Task Manager:
TBPS.exe
PIB.exe
Turn off System Restore
Delete from the hard disk (you may need to do this in Safe Mode):
folders:
- D:\Program Files\QuickSearch
- D:\PROGRAM FILES\Toolbar
- D:\PROGRA~1\COMMON~1\WinTools
- D:\Program Files\Web_Rebates
- D:\program files\newdotnet
- D:\Program Files\QuickSearch
- D:\PROGRA~1\COMMON~1\WinTools
- D:\PROGRA~1\Toolbar
Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - D:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O4 - HKLM\..\Run: [TBPS] D:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O10 - Broken Internet access because of LSP provider 'd:\program files\newdotnet\newdotnet6_38-1.dll' missing
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - D:\PROGRA~1\Toolbar\toolbar.dll
Do you have HijackThis in this location??
D:\DOCUME~1\Baca\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe
Is this your program??
D:\Program Files\DU Super Controler\DUSuperControler.exe
D:\Program Files\DU Super Controler\DUSuperControler.exe
O4 - Global Startup: DUSuperControler.lnk = D:\Program Files\DU Super Controler\DUSuperControler.exe
If not, close the processes
uninstall the program / delete the directory
Turn System Restore back on
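The selection the reply above makes by hand, as an added example that is not part of the thread: a short Python triage that pulls out of a HijackThis log the entries pointing into the folders listed for deletion, plus the DLL named in the O10 broken-LSP line. The sample log is constructed from entries in this thread, and the `PROGRA~1` to `Program Files` mapping is an assumption.

```python
import re

# Constructed sample in HijackThis 1.98 log format (entries modelled on the thread's log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [TBPS] D:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O10 - Broken Internet access because of LSP provider 'd:\program files\newdotnet\newdotnet6_38-1.dll' missing
"""

# Folders the reply lists for deletion; the log uses both 8.3 and long spellings.
UNWANTED_DIRS = [
    r"D:\Program Files\QuickSearch", r"D:\PROGRA~1\Toolbar",
    r"D:\PROGRA~1\COMMON~1\WinTools", r"D:\Program Files\Web_Rebates",
    r"D:\program files\newdotnet",
]

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # section code, then entry body
BROKEN_LSP = re.compile(r"LSP provider '([^']+)' missing")

def norm(path):
    """Case-fold and map the 8.3 alias PROGRA~1 to its long name (assumed mapping)."""
    return path.lower().replace("progra~1", "program files")

def triage(log_text, unwanted=UNWANTED_DIRS):
    """Return (entries_to_fix, broken_lsp_dlls) from a HijackThis log."""
    prefixes = [norm(d) + "\\" for d in unwanted]       # trailing \ avoids partial-name hits
    to_fix, broken = [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                                    # header and running-process lines
        section, body = m.groups()
        lsp = BROKEN_LSP.search(body) if section == "O10" else None
        if lsp:
            broken.append(lsp.group(1))                 # DLL still referenced by Winsock
        if any(p in norm(body) for p in prefixes):
            to_fix.append((section, body))
    return to_fix, broken
```

On the sample, the FlashGet and avast! entries are left alone, and the O10 line is reported both as an entry to fix and as a missing LSP DLL.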
I also scanned with Ad-Aware and Spybot; I managed to remove everything they found, but unfortunately it made no difference to using the net. And here is my log:
Logfile of HijackThis v1.98.2
Scan saved at 18:59:18, on 2004-10-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRA~1\Toolbar\TBPS.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\D-Tools\daemon.exe
D:\PROGRA~1\Toolbar\PIB.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\DU Super Controler\DUSuperControler.exe
D:\Program Files\DU Super Controler\DUSuperControler.exe
D:\Program Files\MP3Dancer\MP3Dancer.exe
D:\WINDOWS\System32\dwwin.exe
D:\Program Files\Opera\opera.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Baca\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - D:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O4 - HKLM\..\Run: [TBPS] D:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: MP3 Dancer.lnk = D:\Program Files\MP3Dancer\MP3Dancer.exe
O4 - Global Startup: DUSuperControler.lnk = D:\Program Files\DU Super Controler\DUSuperControler.exe
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\newdotnet\newdotnet6_38-1.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD3E422-6970-43EA-B0E9-FF19432284BA}: NameServer = 194.204.152.34 194.204.159.1
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - D:\PROGRA~1\Toolbar\toolbar.dll
Baca777: I deleted the keys and the message no longer appears at startup, but using the net is still impossible :?
Paste the log from HijackThis
It is possible that something was left behind by NewDotNet, or that some other junk has latched on
I deleted the keys and the message no longer appears at startup, but using the net is still impossible :?
Turn off System Restore in WinXP and delete the following keys from the registry:
HKEY_CLASSES_ROOT\CLSID - delete
4A2AACF3-ADF6-11D5-98A9-00E018981B9E
HKEY_CLASSES_ROOT\CLSID - delete
DD521A1D-1F98-11D4-9676-00E018981B9E
HKEY_CLASSES_ROOT\CLSID - delete
DD770A75-CE18-11D5-98D8-00E018981B9E
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - delete
NewDotNet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects - delete
4A2AACF3-ADF6-11D5-98A9-00E018981B9E
HKLM\Software - delete NewDotNet
HKCR - delete tldctl2
You can also use this tool:
http://www.new.net/support/uninstall6_38.exe.