services.exe
services.exe
toto mi beží v procesoch .. a je toho neúrekom .. asi do 30 toho tam mám .. Viete čo to znamená ??
-
hrban
Addict
- Príspevky: 4950
- Registrovaný: 14 júl 2005, 7:44
- Bydlisko: Almere
- Kontaktovať používateľa:
Re: services.exe
pár procesov z toho je windowsových ale asi 30 je moc (google praví, že je to jeden z najčastejších vírusov)
hoď sem log z HJT
http://www.filehippo.com/download_hijackthis/
buď to sem skopíruj celé čo ti vyhodí alebo daj do prílohy txt súbor
hoď sem log z HJT
http://www.filehippo.com/download_hijackthis/
buď to sem skopíruj celé čo ti vyhodí alebo daj do prílohy txt súbor
Re: services.exe
tuna to máš ...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:32, on 15.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\supequ.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\4862E393.exe
C:\WINDOWS\75932AE1.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
R3 - URLSearchHook: (no name) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pitazes] C:\WINDOWS\system32\supequ.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ondrej uhliairk\wuaucldt.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Ondrej Uhliairk\wffyt.exe \u
O4 - Startup: 0niozpa.exe
O4 - Startup: 1cyytkk.exe
O4 - Startup: 2lgg6ss.exe
O4 - Startup: 3bbx3dj.exe
O4 - Startup: 65sy69a.exe
O4 - Startup: 81mns3o.exe
O4 - Startup: 9a1wssn.exe
O4 - Startup: c3eezqql.exe
O4 - Startup: dyy6kk6ww.exe
O4 - Startup: g81iozpa2.exe
O4 - Startup: k6mns3o1.exe
O4 - Startup: lccxoe0aavm.exe
O4 - Startup: m1ieezqq.exe
O4 - Startup: nyjzfqbhc.exe
O4 - Startup: rnddzpplbb.exe
O4 - Startup: rsiozpa2bcd.exe
O4 - Startup: vl7h2nduz.exe
O4 - Startup: w9c1yuupgg.exe
O4 - Startup: wriiduup.exe
O4 - Startup: yy8fgrmn.exe
O4 - Startup: zu1qmmhyy9.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (og7t28axxirieg2) - Unknown owner - C:\WINDOWS\system32\bihyc.exe
--
End of file - 7525 bytes
-
hrban
Addict
- Príspevky: 4950
- Registrovaný: 14 júl 2005, 7:44
- Bydlisko: Almere
- Kontaktovať používateľa:
Re: services.exe
//autoeditácia príspevku (15 Okt 2010, 16:39)Ondro777 napísal:Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:32, on 15.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe toto je zdravý proces
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\supequ.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\4862E393.exe
C:\WINDOWS\75932AE1.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
R3 - URLSearchHook: (no name) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pitazes] C:\WINDOWS\system32\supequ.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ondrej uhliairk\wuaucldt.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Ondrej Uhliairk\wffyt.exe \u
O4 - Startup: 0niozpa.exe
O4 - Startup: 1cyytkk.exe
O4 - Startup: 2lgg6ss.exe
O4 - Startup: 3bbx3dj.exe
O4 - Startup: 65sy69a.exe
O4 - Startup: 81mns3o.exe
O4 - Startup: 9a1wssn.exe
O4 - Startup: c3eezqql.exe
O4 - Startup: dyy6kk6ww.exe
O4 - Startup: g81iozpa2.exe
O4 - Startup: k6mns3o1.exe
O4 - Startup: lccxoe0aavm.exe
O4 - Startup: m1ieezqq.exe
O4 - Startup: nyjzfqbhc.exe
O4 - Startup: rnddzpplbb.exe
O4 - Startup: rsiozpa2bcd.exe
O4 - Startup: vl7h2nduz.exe
O4 - Startup: w9c1yuupgg.exe
O4 - Startup: wriiduup.exe
O4 - Startup: yy8fgrmn.exe
O4 - Startup: zu1qmmhyy9.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (og7t28axxirieg2) - Unknown owner - C:\WINDOWS\system32\bihyc.exe
--
End of file - 7525 bytes
takto to čo je
červené je 100% vírus to tam nemá čo hľadať
žlté neviem posúdiť, ale ak vieš čo je to (ak si to inštaloval ty tak je to OK)
modré nemá vplyv na chod ale môžeš vymazať,možno urýchli systém o nejaké 0,1%
*****---->teraz postup ako to zmažeš čítaj pozorne<----*****
stlač ctrl+alt+delete
daj správca procesov
spusti HJT stači dať len scen netreba aj log (druhá možnosť z menu)
odklikaj všetky červené veci
daj fix checked
vyskočí pop-up okno bude sa ťa pýtať na yes/no nič nerob vydrž
vypni všetky procesy iexplorer, explorer, firefox, opera, chrome .... (všetky prehlaidače a explorer)
daj yes na to pop up
ak vyskočí ešte jedno skontroluj či neostal nejaký proces explorer a daj znova yes
v správcovi procesov daj novú ulohu a spusti explorer
vymaž tie súbory z adresára windows (iba tie červené) poprípade aj z iných miest kde sú (documents and settings)
reštart PC a hoď sem nový log tam by už malo byť všetko v poriadku