Nie mogę uzunąć złośliwych plików
W laptopie córki czyściłem system(WinXP Prof)
W logu HijackThis znalazłem złośliwe pliki które nie mogę usunąć.
A oto log:
Logfile of HijackThis v1.99.1
Scan saved at 11:15:33, on 2006–01–07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Piotr\Pulpit\NAPRAWCZE\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Odkurzacz–MCD] E:\Programy naprawcze\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {65D72393–E210–4A2A–B8E0–10AC45986770} – http://megapanel.gem.pl/WebInstaller.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{C5411E4E–70E1–4F71–ABAA–73EF50C1CF85}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 – Winlogon Notify: WRNotifier – C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 – Service: Webroot Spy Sweeper Engine (svcWRSSSDK) – Webroot Software, Inc. – C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Sprawdzałem na stronie http://www.hijackthis.de/en gdzie pliki wykazane jako "nasty"ale nie mogę ich wyfixować.Proszę o poradę
W logu HijackThis znalazłem złośliwe pliki które nie mogę usunąć.
A oto log:
Logfile of HijackThis v1.99.1
Scan saved at 11:15:33, on 2006–01–07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Piotr\Pulpit\NAPRAWCZE\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Odkurzacz–MCD] E:\Programy naprawcze\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {65D72393–E210–4A2A–B8E0–10AC45986770} – http://megapanel.gem.pl/WebInstaller.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{C5411E4E–70E1–4F71–ABAA–73EF50C1CF85}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 – Winlogon Notify: WRNotifier – C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 – Service: Webroot Spy Sweeper Engine (svcWRSSSDK) – Webroot Software, Inc. – C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Sprawdzałem na stronie http://www.hijackthis.de/en gdzie pliki wykazane jako "nasty"ale nie mogę ich wyfixować.Proszę o poradę
Odpowiedzi: 8
Zobacz tu podobny problem miał user
http://www.searchengines.pl/phpbb203/index.php?showtopic=23317&hl=autoprotect
http://www.searchengines.pl/phpbb203/index.php?showtopic=23317&hl=autoprotect
Dzięki Wiewa. Norton antywirus – funkcja "autoprotect" w dalszym ciągu nie mogę załączyć,ale to nie problem przeinstaluję go i na pewno będzie ok. Jeszcze raz dzięki i do następnego....
Jest ok :)
Usunąłem zgodnie z sugestią zapisy w kluczu
A oto log:
Logfile of HijackThis v1.99.1
Scan saved at 19:00:12, on 2006–01–10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
E:\Kalendarz XP\Kalendarz.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\English Translator 3.1 [polish]\HANDYDICT.EXE
C:\Documents and Settings\Piotr\Pulpit\NAPRAWCZE\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 – Global Startup: Kalendarz XP.lnk = E:\Kalendarz XP\Kalendarz.exe
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 – HKLM\System\CCS\Services\Tcpip\..\{C5411E4E–70E1–4F71–ABAA–73EF50C1CF85}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Oraz log:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WOOKIT" = "C:\Program Files\Neostrada TP\NeostradaTP.exe" ["France Tlcom R&D"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58–01DD–4d91–8333–CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731–33e8–4c51–8354–bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{0A082D00–EC93–11D0–B1E6–80580BC10627}" = "Corel Media Folder Root Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{854AF161–1AE1–11D1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{E856F161–1AE5–11d1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{CDB89701–262F–11D1–AB9C–00C0F00683EB}" = "Corel Media Find Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{F8152501–455F–11D1–B1E6–444553540000}" = "Corel Media Folder Copy Hook Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{8E524B0D–04F0–11D1–B74A–00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{A2AC368A–F883–11D0–B745–00A0C90646A4}" = "NSFiltManDll.FiltManCom"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{B63FCD5A–2396–11D1–B762–00A0C90646A4}" = "*g" (unwritable string)
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]
Startup items in "Piotr" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" –> shortcut to: "E:\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Skanuj komputer" –> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 04, 07 – 29
%SystemRoot%\system32\rsvpsp.dll [MS], 05 – 06
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2–8170–4D9B–A8B1–DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27–C764–4E1A–A6F4–62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0–931E–4A4F–B33F–456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation Service, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Usługa Auto–Protect w programie Norton AntiVirus, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe –k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 42 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
–––––––––– (total run time: 81 seconds)
A oto log:
Logfile of HijackThis v1.99.1
Scan saved at 19:00:12, on 2006–01–10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
E:\Kalendarz XP\Kalendarz.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\English Translator 3.1 [polish]\HANDYDICT.EXE
C:\Documents and Settings\Piotr\Pulpit\NAPRAWCZE\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 – Global Startup: Kalendarz XP.lnk = E:\Kalendarz XP\Kalendarz.exe
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 – HKLM\System\CCS\Services\Tcpip\..\{C5411E4E–70E1–4F71–ABAA–73EF50C1CF85}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Oraz log:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WOOKIT" = "C:\Program Files\Neostrada TP\NeostradaTP.exe" ["France Tlcom R&D"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58–01DD–4d91–8333–CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731–33e8–4c51–8354–bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{0A082D00–EC93–11D0–B1E6–80580BC10627}" = "Corel Media Folder Root Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{854AF161–1AE1–11D1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{E856F161–1AE5–11d1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{CDB89701–262F–11D1–AB9C–00C0F00683EB}" = "Corel Media Find Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{F8152501–455F–11D1–B1E6–444553540000}" = "Corel Media Folder Copy Hook Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{8E524B0D–04F0–11D1–B74A–00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{A2AC368A–F883–11D0–B745–00A0C90646A4}" = "NSFiltManDll.FiltManCom"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{B63FCD5A–2396–11D1–B762–00A0C90646A4}" = "*g" (unwritable string)
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]
Startup items in "Piotr" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" –> shortcut to: "E:\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Skanuj komputer" –> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 04, 07 – 29
%SystemRoot%\system32\rsvpsp.dll [MS], 05 – 06
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2–8170–4D9B–A8B1–DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27–C764–4E1A–A6F4–62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0–931E–4A4F–B33F–456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation Service, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Usługa Auto–Protect w programie Norton AntiVirus, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe –k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 42 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
–––––––––– (total run time: 81 seconds)
Proszę otworzyć edytor rejestru Start >>> Uruchom >>> regedit i przejść do klucza HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager Tam kliknąć podwójnie na wartość BootExecute i z okienka usunąć wszystko z wyjątkiem autocheck autochk *.
Po tym daj log z hijacka i silenta jeszcze raz
Po tym daj log z hijacka i silenta jeszcze raz
Dzięki Ci Wiewia.Tak niewiele a jak pomogło.Czytałem dość duźo na ten temat ale Twój post najbardziej mi pomógł.Teraz wydaje mi się źe podczas czyszczenia systemu, programy pousuwały mi wszystkie wpisy w autostarcie.Nortona antywirusa nie mogę załączyć.Czyźby jeszcze coś nie tak?
Na wszelki wypadek wrzucam log SilentRunners na którym się wogóle nie znam:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731–33e8–4c51–8354–bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{0A082D00–EC93–11D0–B1E6–80580BC10627}" = "Corel Media Folder Root Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{854AF161–1AE1–11D1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{E856F161–1AE5–11d1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{CDB89701–262F–11D1–AB9C–00C0F00683EB}" = "Corel Media Find Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{F8152501–455F–11D1–B1E6–444553540000}" = "Corel Media Folder Copy Hook Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{8E524B0D–04F0–11D1–B74A–00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{A2AC368A–F883–11D0–B745–00A0C90646A4}" = "NSFiltManDll.FiltManCom"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{B63FCD5A–2396–11D1–B762–00A0C90646A4}" = "*g" (unwritable string)
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]
Startup items in "Piotr" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" –> shortcut to: "E:\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Skanuj komputer" –> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 04, 07 – 29
%SystemRoot%\system32\rsvpsp.dll [MS], 05 – 06
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2–8170–4D9B–A8B1–DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27–C764–4E1A–A6F4–62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0–931E–4A4F–B33F–456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation Service, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Usługa Auto–Protect w programie Norton AntiVirus, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe –k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 35 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 10 seconds.
–––––––––– (total run time: 69 seconds)
Proszę o sprawdzenie czy coś nie zostało
Na wszelki wypadek wrzucam log SilentRunners na którym się wogóle nie znam:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731–33e8–4c51–8354–bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{0A082D00–EC93–11D0–B1E6–80580BC10627}" = "Corel Media Folder Root Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{854AF161–1AE1–11D1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{E856F161–1AE5–11d1–AB9B–00C0F00683EB}" = "Corel Media Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{CDB89701–262F–11D1–AB9C–00C0F00683EB}" = "Corel Media Find Folder"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{F8152501–455F–11D1–B1E6–444553540000}" = "Corel Media Folder Copy Hook Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{8E524B0D–04F0–11D1–B74A–00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{A2AC368A–F883–11D0–B745–00A0C90646A4}" = "NSFiltManDll.FiltManCom"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{B63FCD5A–2396–11D1–B762–00A0C90646A4}" = "*g" (unwritable string)
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1–4127–11D1–B1E6–C17E96D9180A}"
–> {CLSID}\InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]
Startup items in "Piotr" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" –> shortcut to: "E:\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Skanuj komputer" –> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 04, 07 – 29
%SystemRoot%\system32\rsvpsp.dll [MS], 05 – 06
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2–8170–4D9B–A8B1–DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27–C764–4E1A–A6F4–62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0–931E–4A4F–B33F–456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation Service, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Usługa Auto–Protect w programie Norton AntiVirus, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe –k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 35 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 10 seconds.
–––––––––– (total run time: 69 seconds)
Proszę o sprawdzenie czy coś nie zostało
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
Wyłącz przywracanie systemu. Uruchom kompa w trybie awaryjnym
Odpalasz narzędzie LSP–Fix zaznacz "I know what I'm doing" następnie w okienku Keep zaznacz plik newdotnet6_38.dll(prawdopodobnie taki albo bedzie maił 3, 7 ale z napisem newdotnet...) i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish
Nie ma sensu pisać po raz setny więc poczytaj tu:
http://www.google.pl/search?hl=pl&q=+Hijacked+Internet+access+by+New.Net&btnG=Szukaj+w+Google&lr=lang_pl
http://www.google.pl/search?hl=pl&q=+Hijacked+Internet+access+by+New.Net&btnG=Szukaj+w+Google&lr=lang_pl
Strona 1 / 1