Witam,
przykro mi bardzo, ale niestety nie będę oryginalny :? ,
dostałem lwiadomość na gg, naiwnie odpaliłem linka i …itd.
Przy starcie systemu wyskakują 2 błędy związane z uruchomieniem winntdll.exe i simpler.exe. Oba pliki znajdują się na dysku. Na moje oko, wcześniej ich nie było, toteż postarałem się je usunąć, ale na niewiele się to zdaje, gdyż powracają po kolejnym uruchomieniu systemu.
Gadu-gadu odinstalowałem, i jakoś nie spieszy mi się aby je ponownie instalować… i do tego czuję sie wolny:-D
…nie wiem czy jest to spowodowane w/w paskudztwem, ale równocześnie pojawił mi się problem z wyłączeniem komputera. Po zamknięciu systemu, zamiast automatycznie się wyłączyć, komp zamyka wszystkie procesy, wygasza monitor…i zawisa.
a teraz log z HijackThis
Logfile of HijackThis v1.99.1 Scan saved at 16:46:11, on 2006-11-19 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM FILES\ESET\NOD32KRN.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IRMON.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\ESET\NOD32KUI.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\LXSUPMON.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\SIMPLER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\WINDOWS\PULPIT\ANTYSZPIEGI\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O3 - Toolbar: @msdxmLC.dll ,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [irMon] irmon.exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [LexStart] LexStart.EXE O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM…\RunServices: [NOD32kernel] “C:\Program Files\Eset\nod32krn.exe” O4 - HKLM…\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKCU…\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Uninstall.exe O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - file://C:\TEMP\203561.exe
…i log z Silent Runners
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows Me (Millennium Edition) Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NVIEW” = “rundll32.exe nview.dll,nViewLoadHook” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “PCHealth” = “C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s” [MS] “SystemTray” = “SysTray.Exe” [MS] “IrMon” = “irmon.exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “LexStart” = “LexStart.EXE” [“Lexmark International, Inc.”] “LXSUPMON” = “C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN” [“Lexmark International Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “SSDPSRV” = “C:\WINDOWS\SYSTEM\ssdpsrv.exe” [MS] “*StateMgr” = “C:\WINDOWS\System\Restore\StateMgr.exe” [MS] “NOD32kernel” = ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] HKLM\Software\Microsoft\Active Setup\Installed Components\ PerUser_CVT_Inis(Default) = “Instalator systemu Windows — Konwerter FAT32” \StubPath = “rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Universal Plug and Play Devices” -> {HKLM…CLSID} = “Universal Plug and Play Devices” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\UPNPUI.DLL” [MS] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów” -> {HKLM…CLSID} = “Eksplorator pulpitów” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\PROGRAM FILES\SONY ERICSSON\MOBILE\FILE MANAGER\FMGRGUI.DLL” [“Sony Ericsson Mobile Communications AB”] “{2E9D3540-211C-11d0-A5F2-00A0248C37BE}” = “Nero Shell Extension Property Sheet” -> {HKLM…CLSID} = “Nero Shell Extension Property Sheet” \InProcServer32(Default) = “C:\Program Files\Ahead\nero\neroshx.dll” [“Ahead Software AG”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “Skladnik rozszerzenia powloki CorelDRAW” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in “Startup” & “All Users…Startup” folders: ----------------------------------------------------------- C:\WINDOWS\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] C:\WINDOWS\All Users\Menu Start\Programy\Autostart <> “Uninstall.exe” [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “Harmonogram programu PCHealth dla zbierania danych” -> launches: “C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\SYSTEM\imon.dll [null data], 01 - 05, 13 C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 06 C:\WINDOWS\SYSTEM\msafd.dll [MS], 07 - 09 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 10 - 11 C:\WINDOWS\system32\wspirda.dll [MS], 12 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” -> {HKLM…CLSID} = “Web Browser Applet Control” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\MSJAVA.DLL” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome ” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome ” Missing lines (compared with English-language version): [strings]: 2 lines Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Printer Monitor\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 59 seconds. ---------- (total run time: 127 seconds)
…proszę o pomoc w usunięciu, tego dziadostwa.
Dobroczyńcy stawiam wirtualne piwo, albo herabatke czy coś
pozdrawiam
PS…przepraszam, za tytuł poniosło mnie
Złączono Posta : 19.11.2006 (Nie) 17:44
korci mnie aby usunąć ten wpis:
…tak jak poradzono kilka wątków niżej, osobie z podobnym problemem, ale nie wiem, czy samemu to ruszać…