Wirus???Dostep do rejestru zabroniony po kolejnym logowaniu
Witam.. :)
Mam problem z dostepem do rejestru i menadzera zadan.Sledzac historie forum udalo mi sie chwilowo to naprawic,lecz po restarcie i kolejnym zalogowanu jako ADMIN problem sie pojawia.Googlowalem neta i znalazlem podobny problem lecz do konca nie wiem jak mam pozbyc sie tego problemu.Przy logowaniu wyskakuje mi problem z plikiem syscom.exe
Jezeli ktos jest w stanie mi pomoc,bede wdzieczny.
Ponizej zamieszzam log z HIJack'a...
Pozdrawiam.
Logfile of HijackThis v1.99.1
Scan saved at 14:03:46, on 2005–10–24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
c:\Program Files\hi\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
F2 – REG:system.ini: UserInit=userinit.exe,syscom.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\Program Files\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: My &Search Bar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [syslogon] syslogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\PowerGG.exe"
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download with NetPumper – C:\Program Files\NetPumper\AddUrl.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\Program Files\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\Program Files\FlashGet\flashget.exe
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/vso/en–us/tools/mcfscan/2,0,0,4603/mcfscan.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{465A5BDA–BC45–4B6E–87A3–B18BD25379FF}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{4A960585–0083–45E6–9A88–244AC5612912}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: C–DillaSrv – C–Dilla Ltd – C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZONELABS\vsmon.exe
Mam problem z dostepem do rejestru i menadzera zadan.Sledzac historie forum udalo mi sie chwilowo to naprawic,lecz po restarcie i kolejnym zalogowanu jako ADMIN problem sie pojawia.Googlowalem neta i znalazlem podobny problem lecz do konca nie wiem jak mam pozbyc sie tego problemu.Przy logowaniu wyskakuje mi problem z plikiem syscom.exe
Jezeli ktos jest w stanie mi pomoc,bede wdzieczny.
Ponizej zamieszzam log z HIJack'a...
Pozdrawiam.
Logfile of HijackThis v1.99.1
Scan saved at 14:03:46, on 2005–10–24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
c:\Program Files\hi\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
F2 – REG:system.ini: UserInit=userinit.exe,syscom.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\Program Files\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: My &Search Bar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [syslogon] syslogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\PowerGG.exe"
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download with NetPumper – C:\Program Files\NetPumper\AddUrl.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\Program Files\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\Program Files\FlashGet\flashget.exe
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/vso/en–us/tools/mcfscan/2,0,0,4603/mcfscan.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{465A5BDA–BC45–4B6E–87A3–B18BD25379FF}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{4A960585–0083–45E6–9A88–244AC5612912}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: C–DillaSrv – C–Dilla Ltd – C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZONELABS\vsmon.exe
Odpowiedzi: 5
Dzieki.Wasze rady okazaly sie trafne i wszystko juz jest ok...
Pozdrawiam...
Pozdrawiam...
Bobi:
Spoko Żółty, ale 020 to od grafiki Intela :wink:
O kurna rzeczywiście. Jak koń w klapkach się zachowalem :oops: – za duźo tego 020 ostatnio widzę ...
Spoko Żółty, ale 020 to od grafiki Intela :wink:
Wyłącz przywracanie systemu.
To zaznacz do fixa a pliki pogrubione odnajdź na dysku i usuń.
Do tego poczytaj http://forum.centrumxp.pl/viewtopic.php?t=42065
F2 – REG:system.ini: UserInit=userinit.exe,syscom.exe
O4 – HKLM\..\Run: [syslogon] syslogon.exe
To zaznacz do fixa a pliki pogrubione odnajdź na dysku i usuń.
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
Do tego poczytaj http://forum.centrumxp.pl/viewtopic.php?t=42065
Przejdź w rejestrze do klucza HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon i zmień zapis w wartości Userinit z userinit.exe, syscom.exe na samo userinit.exe.
Potem oczywiście wykonaj dogłębne skanowanie programem antyszpiegowskim i antywirusowym.
Potem oczywiście wykonaj dogłębne skanowanie programem antyszpiegowskim i antywirusowym.
Strona 1 / 1