Norton wykrywa mi “W32.Banwarum@mm”-nie wiem jak to usunąć. :olaboga: Robal spowalnia mi kompa i jest to uciązliwe. Mam neta od prawie tygodnia a nie mogę z niego korzystać przez tego stwora. Załączam loga HijackThis (mam nadzieję że wkleiłam to prawidłowo). Problem w tym że nie bardzo jestem biegła w obsłudze tych wspaniałych programów. Proszę o dokładne instrukcje. Z góry dziękuję za pomoc. Pozdrawiam

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\System32\ntos.exe

C:\WINDOWS\system32\mszsrn32.dll

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Usuń wpisy HJT.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners.

Mam tylko nadzieję że zastosowałam się do podanych wskazówek…

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

---

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]

“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0\bin\jusched.exe” [“Sun Microsystems, Inc.”]

“NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”]

“ccApp” = “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [“Symantec Corporation”]

“ccRegVfy” = “C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” [“Symantec Corporation”]

“MSConfig” = “C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto” [MS]

“!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string]

{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper”

-> {HKLM…CLSID} = “CNavExtBho Class”

\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5”

-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”]

MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”

-> {HKLM…CLSID} = “MkS_Vir Shell Extension”

\InProcServer32(Default) = “/u\mksshell.dll” [file not found]

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”

-> {HKLM…CLSID} = “MkS_Vir Shell Extension”

\InProcServer32(Default) = “/u\mksshell.dll” [file not found]

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

---

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableRegistryTools” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

---

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “G:\Fotki Zuzanki\samsung\Fotki\STA60202.JPG”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

---

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\ssmypics.scr” [MS]

Startup items in “Administrator” & “All Users” startup folders:

---

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

Enabled Scheduled Tasks:

---

“Norton AntiVirus - Skanuj komputer” -> launches: “C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca” [“Symantec Corporation”]

“Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”]

Winsock2 Service Provider DLLs:

---

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

---

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

“{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}”

-> {HKLM…CLSID} = “Java Plug-in 1.5.0”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll” [“Sun Microsystems, Inc.”]

Running Services (Display Name, Service Name, Path {Service DLL}):

---

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]

Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”]

Usługa Auto-Protect w programie Norton AntiVirus, navapsvc, “C:\Program Files\Norton AntiVirus\navapsvc.exe” [“Symantec Corporation”]

---

<>: Suspicious data at a malware launch point.

• This report excludes default entries except where indicated.

• To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

• To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 184 seconds, including 108 seconds for message boxes)

Złączono Posta : 09.03.2007 (Pią) 23:16

chyba to powinno być tak:

Złączono Posta : 10.03.2007 (Sob) 0:21

nie ma reakcji na moją odpowiedź może żle ją wysłałam?

Już jest OK.

Proponuję zainstalować dodatek Service Pack 2.

http://dobreprogramy.pl/index.php?dz=2&t=35&id=795

Brak odpowiedzi oznacza to, że aktualnie nie ma na Forum nikogo kto mógłby sprawdzić Twoje logi.

Kosmetyka:

Panel sterowania => Java Plug-in => Update => odznacz opcję Check for updates automatically.

Start => uruchom => msconfig => zakładka Uruchamianie => możesz odznaczyć w/w.

Podczas startu systemu na okienku, które się pojawia zaznacz dostępną tam opcję, aby się nie pokazywało.

Jeśli nie korzystasz z zaawansowanych usług tekstowych to je wyłącz: Panel sterowania => Opcje regionalne => Języki => Szczegóły => Zaawansowane => zaznacz wyłącz zaawansowane usługi tekstowe.

Start => programy => autostart => kasacja z prawokliku.

Proponuję przeczyścić rejestr ponieważ masz kilka pustych kluczy, opis.