Pojawia sie i znika (msconfig, regedit, menedźer, Hijackthis
Nie moge nic zrobić bo uruchamia sie i od razu zamyka kaźde polecenie wpisane do "uruchom".
To samo dzieje sie z menedźerem zadań i Hijack this
Przez to nie moge nic zrobic z tego co jest napisane przy usuwaniu spysheriffa.
Jak temu zaradzić?
To samo dzieje sie z menedźerem zadań i Hijack this
Przez to nie moge nic zrobic z tego co jest napisane przy usuwaniu spysheriffa.
Jak temu zaradzić?
Odpowiedzi: 14
No i lala.
W końcu jakos ten komputer chodzi.
Wielkie dzięki.
W końcu jakos ten komputer chodzi.
Wielkie dzięki.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"MS–patch333" = "winservices.exe" [file not found]
"dmhqh.exe" = "C:\WINDOWS\System32\dmhqh.exe" [file not found]
"dmvaw.exe" = "C:\WINDOWS\System32\dmvaw.exe" [null data]
Wyboldowane pliki usuwasz z dysku w konsoli odzyskiwania, nastepnie otwierasz regedit i z podanego na górze klucza usuwasz wartości na czerwono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnhy.exe" [null data]
Usuwasz pogrubiony plik, wartosc System edytujesz usuwajac z niej wszystkie dane.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
Usuń tą restrykcję z rejestru.
Powiedzmy, źe wiem dlaczego svchost zajmuje 100% mocy procesora, to sprawka:
Remote Procedure Call (RPC) Extensions, RpcxSs, "C:\WINDOWS\System32\svchost.exe –k netsvcs" {"RpcxSs.Dll" [MS]}
Konkretniej tej wyboldowanej biblioteki podpiętej pod svchosta.
Usuń ja w konsoli odzyskiwania przy pomocy polecenia:
DISABLE RpcxSs
CD C:\WINDOWS\system32
ATTRIB –R–S–H RpcxSs.Dll
DEL RpcxSs.Dll
W rejestrze trzeba będzie usunąć jeszcze takie klucze jak:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcxSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcxSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcxSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCXSS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RPCXSS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCXSS
Niekiedy trzeba będzie sobie nadac odpowiednie uprawnienia przed kasacją.
Bobi:
Rebe, co Ty nie powiesz :wink:
Wyobraź sobie, źe o tym samym pomyślałem :mrgreen:
Widzisz jaki zbawienny wpływ na Ciebie wywieram :lol:
Log z silen runners
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray" ["Nokia"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"MS–patch333" = "winservices.exe" [file not found]
"LXSUPMON" = "C:\WINDOWS\System32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]
"dmhqh.exe" = "C:\WINDOWS\System32\dmhqh.exe" [file not found]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"dmvaw.exe" = "C:\WINDOWS\System32\dmvaw.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AC1DB655–4F9A–4c39–8AD2–A65324A4C446}" = "Autodesk Drawing Preview"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736–36C2–4C11–8ACB–D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\AcSignIcon.dll" ["Autodesk"]
"{A5110426–177D–4e08–AB3F–785F10B4439C}" = "My Phones"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{7EFFF3DD–71B3–11D4–A25E–005056DCFB89}" = "DIALux 2.0 ULDShellHandler Class"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
"{7889C2D5–D128–43e2–A8D8–A7590A12C8B3}" = "DIALux 2.0 DLXShellHandler Class"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
"{416651E4–9C3C–11D9–8BDE–F66BAD1E3F3A}" = "PhoneBrowser"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A–5B72–4efe–929D–3B848C3A1E91}" = "Message View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnhy.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720–84ee–11d0–b5c0–00001b3ca278}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
DIALux20\(Default) = "{7EFFF3DD–71B3–11D4–A25E–005056DCFB89}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720–84ee–11d0–b5c0–00001b3ca278}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies [Description] {enabled Group Policy setting}:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]
{User Configuration|Administrative Templates|Windows Components|
Internet Explorer|Toolbars|Disable customizing browser toolbars}
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tomuś\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
Startup items in "Tomuś" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" –> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE –b –l" [MS]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590–48F4–11D9–9669–0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
C–DillaCdaC11BA, C–DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Kerio Personal Firewall 4, KPF4, "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Remote Procedure Call (RPC) Extensions, RpcxSs, "C:\WINDOWS\System32\svchost.exe –k netsvcs" {"RpcxSs.Dll" [MS]}
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 156 seconds, including 4 seconds for message boxes)
Log z hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:48:12, on 2005–12–05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mswindtc.exe
c:\htinst.exe
D:\net pliki\hijackthis.com
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [dmhqh.exe] C:\WINDOWS\System32\dmhqh.exe
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/mcfscan/2,1,0,4642/mcfscan.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Powiedzmy ze po paru próbach udało mi sie ustalic źe głównym winowajcą moich problemów jest mswindtc.exe
Usuwałem go juź z 10 razy i nic. Za kaźdym razem gdy tylko połącze sie z internetem on pojawia sie od nowa.
Po za tym svchost.exe mam 100% pomimo źe zrobiłem wszystko jak radza na forum.
I Co tu dalej robić?????
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray" ["Nokia"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"MS–patch333" = "winservices.exe" [file not found]
"LXSUPMON" = "C:\WINDOWS\System32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]
"dmhqh.exe" = "C:\WINDOWS\System32\dmhqh.exe" [file not found]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"dmvaw.exe" = "C:\WINDOWS\System32\dmvaw.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AC1DB655–4F9A–4c39–8AD2–A65324A4C446}" = "Autodesk Drawing Preview"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736–36C2–4C11–8ACB–D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\AcSignIcon.dll" ["Autodesk"]
"{A5110426–177D–4e08–AB3F–785F10B4439C}" = "My Phones"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{7EFFF3DD–71B3–11D4–A25E–005056DCFB89}" = "DIALux 2.0 ULDShellHandler Class"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
"{7889C2D5–D128–43e2–A8D8–A7590A12C8B3}" = "DIALux 2.0 DLXShellHandler Class"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
"{416651E4–9C3C–11D9–8BDE–F66BAD1E3F3A}" = "PhoneBrowser"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A–5B72–4efe–929D–3B848C3A1E91}" = "Message View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnhy.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720–84ee–11d0–b5c0–00001b3ca278}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
DIALux20\(Default) = "{7EFFF3DD–71B3–11D4–A25E–005056DCFB89}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DIALux\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720–84ee–11d0–b5c0–00001b3ca278}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies [Description] {enabled Group Policy setting}:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]
{User Configuration|Administrative Templates|Windows Components|
Internet Explorer|Toolbars|Disable customizing browser toolbars}
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tomuś\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
Startup items in "Tomuś" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" –> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE –b –l" [MS]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590–48F4–11D9–9669–0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
C–DillaCdaC11BA, C–DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Kerio Personal Firewall 4, KPF4, "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Remote Procedure Call (RPC) Extensions, RpcxSs, "C:\WINDOWS\System32\svchost.exe –k netsvcs" {"RpcxSs.Dll" [MS]}
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 156 seconds, including 4 seconds for message boxes)
Log z hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:48:12, on 2005–12–05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mswindtc.exe
c:\htinst.exe
D:\net pliki\hijackthis.com
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [dmhqh.exe] C:\WINDOWS\System32\dmhqh.exe
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/mcfscan/2,1,0,4642/mcfscan.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Powiedzmy ze po paru próbach udało mi sie ustalic źe głównym winowajcą moich problemów jest mswindtc.exe
Usuwałem go juź z 10 razy i nic. Za kaźdym razem gdy tylko połącze sie z internetem on pojawia sie od nowa.
Po za tym svchost.exe mam 100% pomimo źe zrobiłem wszystko jak radza na forum.
I Co tu dalej robić?????
Usuwałem juz to badziewie ze trzy razy. Tylko ręcznie bo w konsoli odzyskiwania wyskakiwało źe nie ma takiego pliku.
Zobaczymy co bedzie jak zeskanuje paroma antyvirusami i wgram od nowa poprawki na blastera i sassera.
Po tym wszystkim dam jeszcze raz loga.
A Silent Runners nie chodzi.
Nie znam tych DNs.
Zobaczymy co bedzie jak zeskanuje paroma antyvirusami i wgram od nowa poprawki na blastera i sassera.
Po tym wszystkim dam jeszcze raz loga.
A Silent Runners nie chodzi.
Nie znam tych DNs.
No niestety, nie wiem czy Ty nie usuwasz czy robaki same się odnawiają
Ponawiam pytanie, adresy serwerów DNs są Ci znane?
Uaktualnij bazy sygnatur antywirusa i przeskjanuj system. Jakiś skanerów on–line tez nie zawadzi uzyc.
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
Ponawiam pytanie, adresy serwerów DNs są Ci znane?
Uaktualnij bazy sygnatur antywirusa i przeskjanuj system. Jakiś skanerów on–line tez nie zawadzi uzyc.
Nie moge uruchomić Silent Runners wyskakuje błąd w 623 lini.
Jak narazie programy z pierszego postu uruchamiaja sie.
Logfile of HijackThis v1.99.1
Scan saved at 12:22:37, on 2005–12–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Tomuś\Pulpit\HijackThis.exe
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
jeszcze mam svchost.exe 100% CPU ale to spróbuje tak jak radzą w FAQ usunąc.
Jak narazie programy z pierszego postu uruchamiaja sie.
Logfile of HijackThis v1.99.1
Scan saved at 12:22:37, on 2005–12–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Tomuś\Pulpit\HijackThis.exe
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
jeszcze mam svchost.exe 100% CPU ale to spróbuje tak jak radzą w FAQ usunąc.
Sposub powinien działąć tylko procedura usuwania zostałą źle przeprowadzona.
Masz do wyboru albo podrzucasz log z l2mfix z opcji 1, albo probujesz poprzez SpySweepera.
Chociaź Look2me juz nie widać.
pmnol.dll to będzie Vundo, prawdopodobnie 017 to jego DNSy.
Masz dwa programiki–automaty:
VundoFix
FixVundo
Uruchamiasz konsole odzyskiwania i wpisujesz:
cd C:\Windows\system32
del atme.exe
del winservices.exe
del pmnol.dll
Następnie korzystasz z tych fixów.
Programy z pierwszego postu juz uruchamiają sie prawidłowo?
Masz do wyboru albo podrzucasz log z l2mfix z opcji 1, albo probujesz poprzez SpySweepera.
Chociaź Look2me juz nie widać.
pmnol.dll to będzie Vundo, prawdopodobnie 017 to jego DNSy.
Masz dwa programiki–automaty:
VundoFix
FixVundo
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\RunServices: [MS–patch333] winservices.exe
O4 – HKLM\..\RunServices: [Windows ASN Services] atme.exe
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
Uruchamiasz konsole odzyskiwania i wpisujesz:
cd C:\Windows\system32
del atme.exe
del winservices.exe
del pmnol.dll
Następnie korzystasz z tych fixów.
Programy z pierwszego postu juz uruchamiają sie prawidłowo?
Tego pmnol.dll nie udało mi sie usunąć bo ten sposób podany w FAQ nie działa nawet ręcznie.
A teraz wyglada to tak:
Logfile of HijackThis v1.99.1
Scan saved at 01:05:18, on 2005–12–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\winservices.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\System32\atme.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\ctfmon.exe
D:\net pliki\hijackthis.com
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\RunServices: [MS–patch333] winservices.exe
O4 – HKLM\..\RunServices: [Windows ASN Services] atme.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
A teraz wyglada to tak:
Logfile of HijackThis v1.99.1
Scan saved at 01:05:18, on 2005–12–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\winservices.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\System32\atme.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\ctfmon.exe
D:\net pliki\hijackthis.com
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MS–patch333] winservices.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [Windows ASN Services] atme.exe
O4 – HKLM\..\RunServices: [MS–patch333] winservices.exe
O4 – HKLM\..\RunServices: [Windows ASN Services] atme.exe
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Zapomniałbym, DNSy 85.255.115.82,85.255.112.121 są Twoje? Mnie to śmierdzi jakimś rootkitem.
A z miesiąc temu było to na forum i okazało się źe rootkit. Serwerki teź juź mnie znane
Niby coś pousuwałeś, ale sporo zostało.
1. Wyłącz przywracanie systemu.
2. Uruchom system w trybie awaryjnym.
3. Usuń z dysku pliki/katalogi zaznaczone pogrubioną czcionką.
4. W HJT zaznaczasz wymienione niźej wpisy i klikasz fix checked.
3–ech ostatnich wpisów poźbeziesz się uruchamiając wiersz poleceń i wpisując:
sc delete cmdService
sc delete Srv32
sc delete WinMedia
Po całej zabawie podajesz nowego loga z Hijacka i dodatkowo z Silent Runners.
Ogólnie to masz niezły burdel brzydko mówiąc, trudno się będzie z tego wygrzebać do końca.
Rebe, co Ty nie powiesz :wink:
Wyobraź sobie, źe o tym samym pomyślałem :mrgreen:
Zapomniałbym, DNSy 85.255.115.82,85.255.112.121 są Twoje? Mnie to śmierdzi jakimś rootkitem.
1. Wyłącz przywracanie systemu.
2. Uruchom system w trybie awaryjnym.
3. Usuń z dysku pliki/katalogi zaznaczone pogrubioną czcionką.
4. W HJT zaznaczasz wymienione niźej wpisy i klikasz fix checked.
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 – URLSearchHook: (no name) – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [Windows update] C:\WINDOWS\System32\wudupdate.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [ScHost] svchosts32.exe
04 – HKLM\..\Run: [PieceCrap] mybreak.exe
O4 – HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 – HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 – HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\smmss.exe
# Uwaźaj źebyś się nie machnął, w tym katalogu jest jeszcze smss.exe – to plik systemowy
O4 – HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 – HKLM\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 – HKLM\..\RunServices: [ScHost] svchosts32.exe
O4 – HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 – HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
# Odinstaluj ten program, to jakaś ściema.
O4 – HKCU\..\Run: [win msdt service] mswindtc.exe
O4 – HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKCU\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O20 – Winlogon Notify: avpe32 – avpe32.dll (file missing)
# Było ostatnio na forum, Żółty wynalazł removera.
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\uhdmxfrm.dll (file missing)
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
# Wyglada na look2me, w FAQ masz opis usuwania.
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\Kioq\command.exe
O23 – Service: Srv32 – Unknown owner – C:\WINDOWS\system32\srv32.exe (file missing)
O23 – Service: WinMedia – Unknown owner – C:\WINDOWS\msmedia32.exe (file missing)
3–ech ostatnich wpisów poźbeziesz się uruchamiając wiersz poleceń i wpisując:
sc delete cmdService
sc delete Srv32
sc delete WinMedia
Po całej zabawie podajesz nowego loga z Hijacka i dodatkowo z Silent Runners.
Ogólnie to masz niezły burdel brzydko mówiąc, trudno się będzie z tego wygrzebać do końca.
Rebe, co Ty nie powiesz :wink:
Wyobraź sobie, źe o tym samym pomyślałem :mrgreen:
Zapomniałbym, DNSy 85.255.115.82,85.255.112.121 są Twoje? Mnie to śmierdzi jakimś rootkitem.
Sprawdzałem w automacie i juź troche pousuwałem.
Logfile of HijackThis v1.99.1
Scan saved at 14:52:17, on 2005–12–01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\mswindtc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\mswupdate32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
c:\htinst.exe
C:\WINDOWS\Kioq\command.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
D:\net pliki\hijackthis.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 – URLSearchHook: (no name) – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [Windows update] C:\WINDOWS\System32\wudupdate.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ScHost] svchosts32.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PieceCrap] mybreak.exe
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 – HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\smmss.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 – HKLM\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 – HKLM\..\RunServices: [ScHost] svchosts32.exe
O4 – HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 – HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [win msdt service] mswindtc.exe
O4 – HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKCU\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CCS\Services\Tcpip\..\{EF699B63–D03B–43CD–802F–D08982AD61E5}: NameServer = 85.255.115.82,85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O20 – Winlogon Notify: avpe32 – avpe32.dll (file missing)
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\uhdmxfrm.dll (file missing)
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\Kioq\command.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Srv32 – Unknown owner – C:\WINDOWS\system32\srv32.exe (file missing)
O23 – Service: WinMedia – Unknown owner – C:\WINDOWS\msmedia32.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 14:52:17, on 2005–12–01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\mswindtc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\mswupdate32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
c:\htinst.exe
C:\WINDOWS\Kioq\command.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
D:\net pliki\hijackthis.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 – URLSearchHook: (no name) – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: MSEvents Object – {CE70731D–F28D–4D81–9D61–C8EE60378401} – C:\WINDOWS\System32\pmnol.dll
O4 – HKLM\..\Run: [Windows update] C:\WINDOWS\System32\wudupdate.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [win msdt service] mswindtc.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ScHost] svchosts32.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [PieceCrap] mybreak.exe
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 – HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\smmss.exe
O4 – HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 – HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 – HKLM\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 – HKLM\..\RunServices: [ScHost] svchosts32.exe
O4 – HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 – HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [win msdt service] mswindtc.exe
O4 – HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 – HKCU\..\RunServices: [PieceCrap] mybreak.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O17 – HKLM\System\CCS\Services\Tcpip\..\{EF699B63–D03B–43CD–802F–D08982AD61E5}: NameServer = 85.255.115.82,85.255.112.121
O17 – HKLM\System\CS1\Services\Tcpip\..\{3BD1BB06–58A3–4D49–86A2–F9CD354A8534}: NameServer = 85.255.115.82 85.255.112.121
O18 – Protocol: dialux – {8352FA4C–39C6–11D3–ADBA–00A0244FB1A2} – C:\Program Files\DIALux\DLXToolBox.dll
O20 – Winlogon Notify: avpe32 – avpe32.dll (file missing)
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\uhdmxfrm.dll (file missing)
O20 – Winlogon Notify: pmnol – C:\WINDOWS\System32\pmnol.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\Kioq\command.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Srv32 – Unknown owner – C:\WINDOWS\system32\srv32.exe (file missing)
O23 – Service: WinMedia – Unknown owner – C:\WINDOWS\msmedia32.exe (file missing)
A moźe jednak najpierw się odrobaczyć wypada? Objaw jest dla działania wirusa klasyczny.
Pobiez Hijackthis.com i spróbuj go uruchomić.
Jeśli się uda podaj z niego log, ściągnij teź Silent Runners.
Jeśli się uda podaj z niego log, ściągnij teź Silent Runners.
Strona 1 / 1