Igor_B
(Igi13)
13 Grudzień 2006 09:16
#1
Witam,
proszę o pomoc w tej sprawie (proszę tłumaczyć “dużymi literami”), bo kiepsko śmigam w rejestrach itd. boję się że coś sknocę i trzeba będzie system ładować.
Problem polega na tym, że miałem jakiegoś trojana i od czasu usunięcia go przez program symantec ciagle pojawia mi się po odpaleniu komputera komuniakt, że jest problem z aplikacją simpler.exe oraz winntdll.exe i że zostaną zamknięte.
Oto, z hijack’a ten mój log (mam nadzieje że dobrze go wkleiłem i nikt nie bedzie na mnie zły):
Logfile of HijackThis v1.99.1 Scan saved at 10:10:05, on 2006-12-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Tlen.pl\tlen.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Igor\Pulpit\Użytki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pai.net.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.pai.net.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM…\Run: [Atomic Time Synchronizer] “C:\Program Files\a-TimeSync\TimeSync.exe” /auto O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Startup: Komunikator Tlen.pl.lnk = C:\Program Files\Tlen.pl\tlen.exe O4 - Global Startup: Uninstall.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab O17 - HKLM\System\CCS\Services\Tcpip…{84767E38-3671-41F6-A469-A96B4522E8CB}: NameServer = 172.16.1.1,172.16.2.1 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Joan
(Joan Sunshine)
13 Grudzień 2006 10:05
#2
Sam to ustawiałeś?
Wyłączasz przywracanie systemu (Panel sterowania -> System -> Przywracanie systemu -> zaznaczasz „Wyłącz przywracanie systemu” ).
W HJT odpalonym z trybie awaryjnym zaznaczasz wpisy i klikasz na dole “Fix checked” , to co na czerwono usuwasz ręcznie z dysku:
simpler.exe oraz winntdll.exe > znajdujesz te pliki na dysku i kasujesz w trybie awaryjnym.
Po zabiegach nowe logi z HiJacka oraz Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle).
Igor_B
(Igi13)
13 Grudzień 2006 13:29
#3
Witam,
dziękuje za szybką reakcję.
Właściwie to nie wiem czemu ma niby służyć to:
nic takiego raczej nie ustawiałem, parametry do netu mam inne. MAsz pomysł po co mi to mogłoby być potrzebne?
Zrobiłem wszystko jak napisałaś,czyli: bez przywracania systemu i tryb awaryjny. Zaznaczyłem w HiJAcku te trzy podane punkty i “Fix xhecked”, później ręcznie usunałem:
z folderu C:\Documents and Settings\Igor usunąłem plik “winnt.dll”
z folderu C:\WINDOWS\Prefetch usunąłem następujące pliki (wszystko w trybie awaryjnym):
SIMPLER.EXE-16CE2985.pf
UNINSTALL.EXE-15FBEEBF.pf
WINNTDLL.EXE-03A1E0BF.pf
WINNTDLL.EXE-2440E835.pf (wszystkie pliki lezą teraz w koszu, skasować je?)
Ile czasu idzie w tle “Silent Runners”? Bo trwa to i trwa (chyba). Obciążenie procesora strasznie się wacha od 0 do 100%. W aktywnych procesach w Menedżerze zadań jest aktywny plik “winlogon.exe”, to jest ok?
Czy ustawić ponownie “przywracanie systemu” w Panel ster.>System?
Oto dane z HiJacka po twojej poradzie:
Logfile of HijackThis v1.99.1 Scan saved at 14:17:06, on 2006-12-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Igor\Pulpit\Użytki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pai.net.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.pai.net.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM…\Run: [Atomic Time Synchronizer] “C:\Program Files\a-TimeSync\TimeSync.exe” /auto O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Startup: Komunikator Tlen.pl.lnk = C:\Program Files\Tlen.pl\tlen.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab O17 - HKLM\System\CCS\Services\Tcpip…{84767E38-3671-41F6-A469-A96B4522E8CB}: NameServer = 172.16.1.1,172.16.2.1 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
a to z “Silent Runners”:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “PcSync” = “C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”] “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”] “DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”] “Atomic Time Synchronizer” = ““C:\Program Files\a-TimeSync\TimeSync.exe” /auto” [“atsync.com ”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “SSC_UserPrompt” = “C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe” [“Symantec Corporation”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View” -> {HKLM…CLSID} = “Contact View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {HKLM…CLSID} = “Message View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Igor\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Igor\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Igor” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\Igor\Menu Start\Programy\Autostart “Komunikator Tlen.pl” -> shortcut to: “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] Enabled Scheduled Tasks: ------------------------ “Norton AntiVirus - Uruchom pełne skanowanie systemu - Igor” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] “Norton AntiVirus - Uruchom szybkie skanowanie - Igor” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\quick.sca”” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Messenger” “Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Usługa Auto-Protect programu Norton AntiVirus, navapsvc, ““C:\Program Files\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 174 seconds. ---------- (total run time: 1900 seconds)
Jak wyszedłem z trybu awaryjnego i system się normalnie uruchomił to już nie było tych komunikatów dotyczących “simpler.exe” oraz “winntdll.exe”. Chyba będzie już OK. Wielkie, wielkie dziękuje za pomoc!!!JEseś Super!
Czekam na poradę co z tym 01-host 12.129.205… zrobić.
W porządku są te pliki z HiJAcka i Silent?
Joan
(Joan Sunshine)
13 Grudzień 2006 13:46
#4
Już jest ok
Pliki syfa z kosza usuwasz. Tę linijkę skoro nie Twoja - zafixuj w HJT, tak jak poprzednie wpisy.
Przywracanie możesz oczywiście już włączyć, jeśli używasz tej funkcji.
Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.
opis tutaj
Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.
Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie.
Igor_B
(Igi13)
13 Grudzień 2006 20:45
#5
Barszo się ciesze i serdecznie Ci dziękuję za pomoc. nie wiem co bym zrobił, pewnie by mi system padł jak kawka a ja razem z nim.
Zastosouje się do dalszych porad, mam teraz czas to powalcze, obym nic nie spartolił tylko. Jeszcze raz dziękuję.