I'm getting on in years and my nerves are at their end.
Please give me simple suggestions on what to do next. Here is my Logfile of HijackThis:
tadeooo, please follow these topics:
http://forum.dobreprogramy.pl/viewtopic.php?t=66889
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
Describe exactly what your problem is.
Wrap logs in quote tags.
Sorry, I'm more of a computer user than an expert.
I thought I had pasted the whole “log”, I didn't cut anything off.
I was expecting advice on which entries to remove and what else to do so that the computer starts working normally again after the problem related to “simpler.exe”.
I have more or less read the HijackThis instructions.
Symptoms: right after startup a gg (Gadu-Gadu messenger) login window pops up, the NOD32 antivirus detects a virus and removes it, but after a reboot the situation repeats; the internet connection is extremely slow, I can barely use it (and that is probably the biggest headache).
Thanks in advance for your understanding and help.
Post merged: 28.11.2006 (Tue) 22:54
I've probably made you laugh, but there's nothing I can do about it.
Run the KillBox tool, tick Delete on reboot, and paste this path into the full path of file field:
C:\WINDOWS\System32\rpcc.dll
Click the X and restart the computer.
Start -> All Programs -> Startup -> right-click and delete Uninstall.exe.
Remove these entries with HijackThis:
After these steps, post a new HijackThis log + a Silent Runners log.
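What “Delete on reboot” leaves behind, as an added example (Python, not from the thread and not KillBox's code): Windows stores delayed deletions and renames in the REG_MULTI_SZ value `PendingFileRenameOperations` under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`; `MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT)` writes it and the Session Manager carries the operations out early in the next boot, before winlogon.exe gets a chance to load the DLL again. The value is a flat list of (source, destination) pairs in NT path form (`\??\C:\...`), and an empty destination means delete. That KillBox queues its deletion through this mechanism is an assumption; the entries below are constructed. The check a practitioner wants before rebooting is that the delete is actually queued, and the caveat is that a delete entry is an empty string, which naive MULTI_SZ readers treat as end-of-list.

```python
"""Encode, decode and check the PendingFileRenameOperations value offline.

Added example (not from the thread and not KillBox's code). Assumes the layout of
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations:
a REG_MULTI_SZ of (source, destination) pairs in NT path form ("\\??\\C:\\..."), where
an empty destination means "delete". That KillBox queues its deletion this way is an
assumption. All data below is constructed; nothing touches a live registry.
"""
from typing import List, Tuple


def nt_path(win_path: str) -> str:
    """C:\\dir\\file.dll -> \\??\\C:\\dir\\file.dll, the form stored in the value."""
    return "\\??\\" + win_path


def encode_multi_sz(entries: List[str]) -> bytes:
    """REG_MULTI_SZ bytes: each string NUL-terminated, one extra NUL ends the list, UTF-16LE."""
    return ("".join(s + "\0" for s in entries) + "\0").encode("utf-16-le")


def decode_multi_sz(blob: bytes) -> List[str]:
    """Inverse of encode_multi_sz that keeps empty strings.

    A delete entry *is* an empty string, so a reader that treats the first empty
    string as end-of-list silently drops every queued operation after it.
    """
    text = blob.decode("utf-16-le")
    if text in ("", "\0"):
        return []
    if not text.endswith("\0\0"):
        raise ValueError("malformed REG_MULTI_SZ: missing string/list terminators")
    return text[:-2].split("\0")   # strip last string's NUL + list NUL, split on the rest


def pairs(entries: List[str]) -> List[Tuple[str, str]]:
    """Group the flat list into (source, destination); an odd count means the value is corrupt."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must contain source/destination pairs")
    return list(zip(entries[0::2], entries[1::2]))


def queue_delete(entries: List[str], win_path: str) -> List[str]:
    """Append what MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT) adds: source, empty destination."""
    return entries + [nt_path(win_path), ""]


def is_delete_pending(entries: List[str], win_path: str) -> bool:
    """True if a *delete* (not a rename) of win_path is queued. Paths compare case-insensitively."""
    want = nt_path(win_path).lower()
    return any(src.lower() == want and dst == "" for src, dst in pairs(entries))


def describe(entries: List[str]) -> List[str]:
    """Human-readable list of what the Session Manager will do at the next boot."""
    return [f"DELETE {src}" if dst == "" else f"RENAME {src} -> {dst}"
            for src, dst in pairs(entries)]


# Constructed sample: one rename left by an installer, then the deletion from the thread.
SAMPLE_ENTRIES = queue_delete(
    [nt_path(r"C:\WINDOWS\Temp\setup.tmp"), nt_path(r"C:\WINDOWS\System32\newdriver.sys")],
    r"C:\WINDOWS\System32\rpcc.dll",
)
SAMPLE_BLOB = encode_multi_sz(SAMPLE_ENTRIES)

if __name__ == "__main__":
    queued = decode_multi_sz(SAMPLE_BLOB)
    for op in describe(queued):
        print(op)
    print("rpcc.dll delete queued:",
          is_delete_pending(queued, r"C:\WINDOWS\System32\rpcc.dll"))
```

On a live machine, compare the decoded list against the path you typed into the tool before you reboot; if the entry is missing, the file will still be there, and still loadable, after the restart.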
it didn't help, gg doesn't start, but in the folder:
C:\Documents and Settings\Admin
these files remain
gg.dll
NTUSER
ntuser.dat
and NOD32 detects a virus
Post merged: 28.11.2006 (Tue) 23:19
just in case I'm pasting the “log” again, maybe something has changed:
HijackThis is clean now
Be sure to post the Silent Runners log :)
tadeooo, when you paste a log, wrap it in a quote tag.
Instructions on how to do that and how to paste the Silent Runners log are in the topics above.
Silent Runners log:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“C-Media Mixer” = “Mixer.exe /startup” [“C-Media Electronic Inc. (http://www.cmedia.com.tw)”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”]
“Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]
“nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [file not found]
Should this entry remain:
tadeooo, you forgot the “quote” again
Post merged: 28.11.2006 (Tue) 23:29
Sorry for such a question, but I'm trying to make some sense of these logs
here is the Silent Runners log (previously I didn't paste all of it, out of impatience)
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“C-Media Mixer” = “Mixer.exe /startup” [“C-Media Electronic Inc. (http://www.cmedia.com.tw)”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”]
“Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]
“nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\ssbezier.scr” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Messenger”
“Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 156 seconds, including 4 seconds for message boxes)
In the folder C:\Documents and Settings\Admin
these files still remain
gg.dll
NTUSER
ntuser.dat
Can it stay like that?
Open Notepad and paste this into it:
File -> Save As -> change the file type to All Files -> save it under the name FIX.REG
Run FIX.REG, confirm adding it to the registry, and reboot the computer
Delete the file I marked in red from the disk; the others are fine
I did as instructed, many thanks for your patience and time.
I hope everything will be OK now.
Regards
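Reading the Silent Runners report above together with the FIX.REG step, as an added example (Python, not from the thread, HijackThis or Silent Runners): a Winlogon Notify package is a DLL that winlogon.exe loads as SYSTEM on logon and logoff events, which makes the `<> rpcc\DLLName` line the one entry in the report that matters. NOD32 removing rpcc.dll leaves the key orphaned (`[file not found]`), and an orphaned launch point is exactly what lets a re-dropped file come straight back after a reboot, which is the symptom the thread describes; the registration has to go too. The thread's FIX.REG body is not shown, so that it deletes the orphaned `Notify\rpcc` subkey is an assumption here. The sample report is constructed from lines in the thread. `[null data]` only means Silent Runners found no company name in the file's version resource, which is a reason to verify the binary, not evidence of malware.

```python
"""Triage a Silent Runners report and build the FIX.REG for orphaned Winlogon Notify keys.

Added example, not from the thread, HijackThis or Silent Runners. Assumes the report
layout as pasted above: registry-key header lines ending in '\\' (optionally '{++}'),
data lines 'name = "value" [tag]', and '<>' as the script's own suspicion marker.
The thread's FIX.REG body is not shown; that it deletes the orphaned Notify\\rpcc
subkey is an assumption. SAMPLE_REPORT is constructed from lines in the thread.
"""
import re
from typing import Dict, List

SAMPLE_REPORT = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32(Default) = "deskpan.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> rpcc\DLLName = "C:\WINDOWS\System32\rpcc.dll" [file not found]
'''

SECTION_RE = re.compile(r'^(HK[A-Z]+\\.*\\)(?: \{\+\+\})?$')  # key header, e.g. HKLM\...\Run\ {++}
TAG_RE = re.compile(r' \[([^\[\]]*)\]$')                      # trailing [MS] / [null data] / [file not found]
NOTIFY_KEY = 'HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\'


def parse_report(text: str) -> List[Dict[str, object]]:
    """One record per 'name = value' line, tagged with the registry key it sits under."""
    records: List[Dict[str, object]] = []
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        flagged = line.startswith('<>')               # Silent Runners' own "suspicious" marker
        body = line[2:].strip() if flagged else line
        if ' = ' not in body:
            continue
        name, value = body.split(' = ', 1)
        tag = TAG_RE.search(value)
        records.append({
            'section': section,
            'name': name.strip().strip('"'),
            'value': value,
            'tag': tag.group(1) if tag else '',       # '' when no version/company data is shown
            'flagged': flagged,
        })
    return records


def _finding(severity: str, kind: str, rec: Dict[str, object], why: str) -> Dict[str, object]:
    return {'severity': severity, 'kind': kind, 'section': rec['section'],
            'name': rec['name'], 'why': why}


def triage(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Rank launch points by how much code they can run, not by how alarming they look."""
    findings = []
    for rec in records:
        sec, tag = str(rec['section']), str(rec['tag'])
        if sec == NOTIFY_KEY:
            # Winlogon Notify DLLs load into winlogon.exe (SYSTEM) on logon events. A missing
            # file means the AV took the DLL but left the registration for a dropper to reuse.
            if tag == 'file not found':
                findings.append(_finding('HIGH', 'notify-orphan', rec,
                                         'orphaned Winlogon Notify registration; delete the subkey'))
            else:
                findings.append(_finding('HIGH', 'notify-dll', rec,
                                         'Winlogon Notify DLL; verify publisher and hash'))
        elif rec['flagged']:
            findings.append(_finding('HIGH', 'tool-flag', rec, 'marked <> by Silent Runners'))
        elif tag == 'file not found':
            # A COM InProcServer32 pointing at a missing DLL loads nothing: clean-up, not a threat.
            findings.append(_finding('INFO', 'dead-registration', rec, 'registered DLL missing from disk'))
        elif sec.endswith('\\Run\\') and tag in ('', 'null data'):
            # Auto-start binary with no company-name data in the report (Windows' own dumprep
            # lands here too): not malicious by itself, but it cannot be vouched for; check its hash.
            findings.append(_finding('REVIEW', 'unverified-run', rec, 'Run entry without publisher info'))
    return findings


def notify_fix_reg(findings: List[Dict[str, object]]) -> str:
    """A .reg file deleting each orphaned Winlogon\\Notify subkey ('[-KEY]' = delete key).

    Only orphaned entries are touched: removing a live, legitimate Notify package
    (smart-card or VPN logon providers use the same key) would break logon features.
    """
    subkeys = sorted({str(f['name']).split('\\')[0] for f in findings if f['kind'] == 'notify-orphan'})
    lines = ['Windows Registry Editor Version 5.00', '']
    for sub in subkeys:
        lines += [f'[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\{sub}]', '']
    return '\r\n'.join(lines) + '\r\n'   # regedit wants CRLF and a trailing blank line


if __name__ == '__main__':
    results = triage(parse_report(SAMPLE_REPORT))
    for f in sorted(results, key=lambda f: f['severity']):
        print(f"{f['severity']:6} {f['kind']:18} {f['name']}: {f['why']}")
    print(notify_fix_reg(results))
```

Run the triage first and the generated FIX.REG second: it deletes the `rpcc` subkey only because the report shows its DLL is already gone, which is the order the thread follows (KillBox the file, then remove the registration). The `[null data]` Run entries stay at REVIEW; the report alone cannot clear them.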