Witam skanuje programem Spybot[…] co jakies 3 dni i za każdym razem to samo. Jak skasuje wirusy zaraz wracają czy ktos mógłby mi pomóc ??
tu jest raport ze skanu:
Command Service: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService Command Service: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService CasaleMedia: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) DoubleClick: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SexList: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Zedo: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) — Spybot - Search & Destroy version: 1.4 (build: 20050523) — 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-26 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-01-02 advcheck.dll (1.2.0.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-01-12 Includes\Cookies.sbi (*) 2006-12-08 Includes\Dialer.sbi (*) 2007-01-12 Includes\DialerC.sbi (*) 2006-11-24 Includes\Hijackers.sbi (*) 2007-01-12 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2007-01-12 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-01-12 Includes\Malware.sbi (*) 2007-01-12 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2007-01-12 Includes\PUPSC.sbi (*) 2007-01-12 Includes\Revision.sbi (*) 2006-12-08 Includes\Security.sbi (*) 2007-01-12 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2007-01-12 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-12-08 Includes\Trojans.sbi (*) 2007-01-12 Includes\TrojansC.sbi (*)
Do tego mam problem jeszcze w HijackThis
ponieważ nie moge wykasować 3 procesów (zaznaczone na zielono)
Logfile of HijackThis v1.99.1 Scan saved at 23:20:39, on 2007-01-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\l\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\RunOnce: [spybotSnD] “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” /autocheck O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{F32ADEB0-58A7-4594-94BE-71CCBE5348A1}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe (file missing) O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Czy mógłby mi ktos doradzić jakiś skuteczny program antywirusowy który by był skuteczny na wszystkie rodzaje wirusów i działałby w czasie rzeczywistym. Tylko ja mam słaby PC wiec jakiś w miarę nie obciążający System…
Z góry THX za pomoc
adam9870
(adam9870)
12 Styczeń 2007 22:32
#2
Log pod kątem syfu masz ok więc nie rozumiem dlatego spybot wykrywa usługę cmdService.
Co do wpisów, które zaznaczyłeś. Otóż każdą usługę, którą widać w wpisie O23 i chcemy wyłączyć trzeba najpierw zatrzymać i wyłączyć W tym celu Start => Uruchom => wpisz services.msc => zatrzymaj i wyłącz usługi AVG Anti-Spyware Guard, AVK Service, Strażnik AVK. A wpisy usuń w hjt.
Możesz pokazać jeszcze log z SilentRunners .
O wyborze programu antyvirusowego poczytaj tutaj:
http://forum.dobreprogramy.pl/viewtopic.php?t=60116
a co z wirusami z Spybota ??
adam9870
(adam9870)
12 Styczeń 2007 22:36
#4
Przeskanuj skanerem on-line dostępnym tutaj -> http://www.ewido.net/en/
Ewentualnie zrób tak:
start => Uruchom => wpisz services.msc => sprawdź czy masz usługę Command Service, a jeśli tak to ją wyłącz.
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.
Po wykonaniu przeskanuj na nowo spybotem i pokaż nowe logi, o które prosiłem.
Gutek
(Gutek)
13 Styczeń 2007 01:33
#5
Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ
Pozdrawiam Gutek2222
a wiec : HijackThis
log z Logfile of HijackThis v1.99.1 Scan saved at 12:38:48, on 2007-01-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\l\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O17 - HKLM\System\CCS\Services\Tcpip…{F32ADEB0-58A7-4594-94BE-71CCBE5348A1}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Skasowałem 2 procesy a ten trzeci (kolor pomarańczowy) ciągle się pojawia a w services.msc pisze żę wyłączony ;/
Mam pytanko odnoście 2 procesów (niebieskie) Do czego one potrzebne są PC ???
Log z SilentRunners :
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{7CE60175-069E-1045-1113-010724010030}” = ““C:\Program Files\Common Files{7CE60175-069E-1045-1113-010724010030}\Update.exe” mc-110-12-0000137” [file not found] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “NVDESK32.DLL” [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\l\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp” Enabled Scheduled Tasks: ------------------------ “Advanced WindowsCare” -> launches: “C:\Program Files\IObit\Advanced WindowsCare V2\AutoCare.exe /care” [file not found] “AwcUpdate” -> launches: “C:\Program Files\IObit\Advanced WindowsCare V2\AutoUpdate.exe /schedule” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{1CE4EE89-2D5C-4361-AF3B-D902AB545381}” -> {HKLM…CLSID} = “Alcohol Soft - Alcohol 120% Toolbar” \InProcServer32(Default) = “C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll” [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}(Default) = “PrintView” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL” [file not found] HKLM\Software\Classes\CLSID{90FE6C53-F8B4-4631-B42A-02D63D1C949C}(Default) = “PrintView” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL” [file not found] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Intel® Active Monitor, imonNT, “C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe” [“Intel Corp.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] PCTEL Speaker Phone, Pctspk, “C:\WINDOWS\system32\pctspk.exe” [“PCtel, Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 168 seconds. ---------- (total run time: 420 seconds)
i log z antywirusa ktorego mi podales:
adam9870
(adam9870)
13 Styczeń 2007 12:12
#7
Co do Twoich obaw:
start >>> uruchom >>> cmd >>> w konsoli wpisz:
sc stop AVKWCtl
sc delete AVKWCtl
poza tym usuń folder od programu.
Opcja dostępna po kliknięciu prawym klawiszem myszki w Internecie Explolerze.
Zajrzyj tutaj .
Otwórz Notatnik i wklej w nim to:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] “{7CE60175-069E-1045-1113-010724010030}”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{1CE4EE89-2D5C-4361-AF3B-D902AB545381}”=- HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}] [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID{90FE6C53-F8B4-4631-B42A-02D63D1C949C}]
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.
Po wykonaniu wklej nowe logi.
a co z spywarem ??
czyżby format mnie czekał ??
znowu to samo log z SpyBota:
vCommand Service: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService Command Service: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService Command Service: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService Avenue A, Inc.: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) CasaleMedia: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) DoubleClick: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SexList: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Statcounter: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Tradedoubler: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) Zedo: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) — Spybot - Search & Destroy version: 1.4 (build: 20050523) — 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-26 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-01-02 advcheck.dll (1.2.0.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-01-12 Includes\Cookies.sbi (*) 2006-12-08 Includes\Dialer.sbi (*) 2007-01-12 Includes\DialerC.sbi (*) 2006-11-24 Includes\Hijackers.sbi (*) 2007-01-12 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2007-01-12 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-01-12 Includes\Malware.sbi (*) 2007-01-12 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2007-01-12 Includes\PUPSC.sbi (*) 2007-01-12 Includes\Revision.sbi (*) 2006-12-08 Includes\Security.sbi (*) 2007-01-12 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2007-01-12 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-12-08 Includes\Trojans.sbi (*) 2007-01-12 Includes\TrojansC.sbi (*)
adam9870
(adam9870)
13 Styczeń 2007 12:48
#9
Czy zrobiłeś to, co wczoraj radziłem ??
adam9870:
1. start => Uruchom => wpisz services.msc => sprawdź czy masz usługę Command Service, a jeśli tak to ją wyłącz. 2. Otwórz Notatnik i wklej w nim to: Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.
Jeśli nie to wykonaj.
czy ta operacja miała być w trybie awaryjnym ??
Joan
(Joan Sunshine)
13 Styczeń 2007 12:54
#11
Nie, dodajesz do rejestru w normalnym
JNJN
(JNJN)
13 Styczeń 2007 13:23
#12
paluszekpl
Byłeś o coś proszony,następnej prośby nie będzie tylko kosz.JNJN
zrobilem o co mnie prosiłeś i jest to samo… Wirusy wróciły a command Service nadal się pojawia…
ok
Logfile of HijackThis v1.99.1 Scan saved at 17:51:48, on 2007-01-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\l\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O17 - HKLM\System\CCS\Services\Tcpip…{F32ADEB0-58A7-4594-94BE-71CCBE5348A1}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
i :
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{7CE60175-069E-1045-1113-010724010030}” = ““C:\Program Files\Common Files{7CE60175-069E-1045-1113-010724010030}\Update.exe” mc-110-12-0000137” [file not found] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “AVG7_CC” = “C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”] “{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension” -> {HKLM…CLSID} = “AVG7 Find Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\l\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp” Enabled Scheduled Tasks: ------------------------ “Advanced WindowsCare” -> launches: “C:\Program Files\IObit\Advanced WindowsCare V2\AutoCare.exe /care” [file not found] “AwcUpdate” -> launches: “C:\Program Files\IObit\Advanced WindowsCare V2\AutoUpdate.exe /schedule” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{1CE4EE89-2D5C-4361-AF3B-D902AB545381}” -> {HKLM…CLSID} = “Alcohol Soft - Alcohol 120% Toolbar” \InProcServer32(Default) = “C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll” [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG E-mail Scanner, AVGEMS, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe” [“GRISOFT, s.r.o.”] AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe” [“GRISOFT, s.r.o.”] AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe” [“GRISOFT, s.r.o.”] Intel® Active Monitor, imonNT, “C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe” [“Intel Corp.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] PCTEL Speaker Phone, Pctspk, “C:\WINDOWS\system32\pctspk.exe” [“PCtel, Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 58 seconds. ---------- (total run time: 176 seconds)
postanowiłem wyczyścić Foldery Firefoxa wszystkie i od nowa go postawić może pomoże…
adam9870
(adam9870)
13 Styczeń 2007 16:55
#16
Start => uruchom => wpisz regedit i kliknij OK => przejdź do klucza:
HKEY_CURRENT_UER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
i skasuj z prawokliku wartość {7CE60175-069E-1045-1113-010724010030}
przejdź do klucza:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
kliknij dwa razy na wartość BootExecute i w okienku które się otworzy skasuj wszystko poza autocheck autochk *
przejdź najpierw do:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
potem:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
a następnie:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
i skasuj cmdService
Uruchom ponownie komputer i pokaż nowe logi.
chodzi Ci o kasacje całego foldefu cmdService ??
adam9870
(adam9870)
13 Styczeń 2007 17:25
#18
Tak, chodzi o kasację całego folderu (klucza) o nazwie cmdService
pisze ze:
Błąd przy usuwaniu klucza
nie można usunąć cmdService: błąd przy usuwaniu klucza.
adam9870
(adam9870)
13 Styczeń 2007 19:11
#20
Spróbuj usunąć będąc w trybie awaryjnym. A jeśli także się nie uda to otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.
Skoro jest wykrywa usługa i nie możesz jej usunąć, to wcześniej ją zatrzymaj. W tym celu start >>> uruchom >>> cmd >>> w konsoli wpisz:
sc stop cmdService
sc delete cmdService
Ewentualnie spróbuj usunąć tym automatem:
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Po wykonaniu przeskanuj jeszcze raz i pokaż nowe logi.