Please check my log and help me remove nrctrl.exe and others.
I kindly ask the esteemed forum members for help removing this junk... I'm not very proficient in anything beyond ordinary use, so... well, you know, please spell it out for me in plain terms... ;)
I ran HijackThis, and from the log (posted below) I concluded that I have 3 pieces of junk:
1) mssearchnet.exe - i.e. Trojan.Zlob.D (?)
2) nrctrl.exe -
3) hp.F42D.tmp
How do I get rid of them???
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:59:04, on 2006-03-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tygrysek\Desktop\HijackThis.exe
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpF42D.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {43A848AB-928D-43A0-8B8A-81D953E9F3EE} (XMLFileSaver Class) - https://www.brebrokers.pl/res/EPMXMLFILESAVERCOM.cab
O16 - DPF: {AFD8ED36-EA54-11D6-AC3F-00105ADCF632} (Ntw4 Control) - https://www.brebrokers.pl/res/ntw4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5B2A5F-EDCE-43FE-82F9-4237CD870FB3}: NameServer = 212.68.193.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5B2A5F-EDCE-43FE-82F9-4237CD870FB3}: NameServer = 212.68.193.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5B2A5F-EDCE-43FE-82F9-4237CD870FB3}: NameServer = 212.68.193.110
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Many thanks!
Replies: 1
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpF42D.tmp
Read and apply the SpyAxe removal guide: http://forum.twojastrefapc.pl/index.php?showtopic=214
Turn off System Restore. Boot into Safe Mode and manually delete the files marked in red from the disk, and remove the HijackThis entry with the "Fix checked" command. After that, it is best to use the SmitRem tool; it is described in the link I gave you.