Pomóźcie!!
Przyplątał mi się wirus Trojan.StartPage i nie wiem jak go wywalić :( Ściągnęłam Hijackthis, zeskanowałam, ale nic nie pomogło :/
Powiedzcie co z tego wywalić?? :
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\sysvcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\szczepionki.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Unzipped\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: (no name) – {97A968C8–9CF1–464D–A579–9E49024381EF} – C:\WINDOWS\System32\cekp.dll
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123354302020
O17 – HKLM\System\CCS\Services\Tcpip\..\{F5D1F1CE–6106–47F2–B647–D24CAC8BC29A}: NameServer = 194.204.152.34 217.98.63.164
O18 – Filter: text/html – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O18 – Filter: text/plain – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O21 – SSODL: DCA00DFD – {439E5B81–3025–2CC2–1900–78F34A402558} – C:\WINDOWS\System32\Qmqiji32.dll (file missing)
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Powiedzcie co z tego wywalić?? :
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\sysvcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\szczepionki.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Unzipped\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: (no name) – {97A968C8–9CF1–464D–A579–9E49024381EF} – C:\WINDOWS\System32\cekp.dll
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123354302020
O17 – HKLM\System\CCS\Services\Tcpip\..\{F5D1F1CE–6106–47F2–B647–D24CAC8BC29A}: NameServer = 194.204.152.34 217.98.63.164
O18 – Filter: text/html – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O18 – Filter: text/plain – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O21 – SSODL: DCA00DFD – {439E5B81–3025–2CC2–1900–78F34A402558} – C:\WINDOWS\System32\Qmqiji32.dll (file missing)
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Odpowiedzi: 13
dobra spox wiem juź na czym to polega :) wyzbyłam się juź tego wirusa. Wielkie dzięki za pomoc :*
Po tym jak właczyłam ten program, komputer mi się zrestartował i potem pokazało mi czy zamknąć czy rozpocząć proces i jak nacisnęłam źe rozpocząć to mi znowu zrestartowało komputer, więc nie wiem co z tym zrobić
Ponowie pytanie Bobiego: uzylas tego –> http://forum.centrumxp.pl/viewtopic.php?t=33138 ?mychaa:
Dalej nie moge zmienić srtony startowej :(
heh... a moźe nie jest dobrze... Dalej nie moge zmienić srtony startowej :(
dzieki, zobaczymy co z tego wyjdzie bo chwilowo log po przeskanowaniu jest dobry :) w razie co się odezwę jeszcze :]
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
Znowu syfy do wywałki
i ciągle mam problemy z tą głupią stroną startową i jeszcze ciągle mi wyskakują ostrzeźenia
Tak... wszystko zrobione :/
Obecny log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Unzipped\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123354302020
O17 – HKLM\System\CCS\Services\Tcpip\..\{F5D1F1CE–6106–47F2–B647–D24CAC8BC29A}: NameServer = 194.204.152.34 217.98.63.164
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Obecny log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Unzipped\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123354302020
O17 – HKLM\System\CCS\Services\Tcpip\..\{F5D1F1CE–6106–47F2–B647–D24CAC8BC29A}: NameServer = 194.204.152.34 217.98.63.164
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Uźyłaś tego automatycznego fixa usuwającego se.dll?
Oprózniłaś katalog Temp?
Jeśli to wszystko było zrobione i nie dało efekatu podaj nowe logi z Hijacka I Silenta.
Oprózniłaś katalog Temp?
Jeśli to wszystko było zrobione i nie dało efekatu podaj nowe logi z Hijacka I Silenta.
Uźyłaś tego automatycznego fixa usuwającego se.dll?
Oprózniłaś katalog Temp?
Jeśli to wszystko było zrobione i nie dało efekatu podaj nowe logi z Hijacka I Silenta.
Oprózniłaś katalog Temp?
Jeśli to wszystko było zrobione i nie dało efekatu podaj nowe logi z Hijacka I Silenta.
wywaliłam to wszystko, ale jak znowu zeskanowałam to spowrotem to jest :(
To wszystko równieź do usunięcia:
Skocz w rejestrze do klucza HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon z prawej wybierz wartość Shell i za dane wpisz jej: Explorer.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 – BHO: (no name) – {97A968C8–9CF1–464D–A579–9E49024381EF} – C:\WINDOWS\System32\cekp.dll
O18 – Filter: text/html – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O18 – Filter: text/plain – {4B4AA70E–8AF4–41D6–9CCB–659451741381} – C:\WINDOWS\System32\cekp.dll
O21 – SSODL: ovrZTzwiS – {DCA003FE–760A–A954–001F–425CB7E604D1} – C:\WINDOWS\System32\jsmk.dll
F2 – REG:system.ini: Shell=explorer.exe
Skocz w rejestrze do klucza HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon z prawej wybierz wartość Shell i za dane wpisz jej: Explorer.exe
a przyklejonego FAQ'a czytałaś?. Jest o zmianie startowej strony.
usuwasz:
usuwasz:
C:\WINDOWS\System32\sysvcs.exe
D:\szczepionki.exe –– znasz to??
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/space.htm
O4 – HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O21 – SSODL: DCA00DFD – {439E5B81–3025–2CC2–1900–78F34A402558} – C:\WINDOWS\System32\Qmqiji32.dll (file missing)
Strona 1 / 1