jak se zbavit services.exe

[guesto009]

log právě v pořádku není, neboť ty co jsi napsal před tím, tak to smazalo, ale tyhle jsou nové

[Reklama]

[sakiri]

No trošku netradiční vypnutí obnovy systému.

Stáhni si Deckard's System Scanner.
- Zavři všechna spuštěná okna a spusť program, potvrď licenční podmínky a postupuj podle pokynů. Začne scanování.
- Až program skončí tak by program měl vytvořit 2 logy proto se ti 2krát otevře notepad. Jeden log bude mít název main.txt a druhý extra.txt. Tak sem zkopíruj pouze ten main.txt

Smázni taky celý obsah Tempu:
C:\DOCUME~1\ADMIN~1.MAC\LOCALS~1\Temp

Jinak jen tak dej Start - Spustit a do volného řádku napiš services.msc a stiskni enter.
Pokud se to normálně otevře tak okno zavře.
Pokud ti to zahlásí chybovou hlášku tak napiš jakou.

Jde o to aby jsme zjistily jestli náhodou nefungujou *.msc soubory.

[Baron Prášil]

C:\Documents and Settings\admin.MACEK\Data aplikací\install.dat
ještě toto smaž
exe.corrupted by měl bejt poškozenej soubor.

co ten problém.
zkus ty restarty zastavit
1. Pravym tlacitkem na Tento pocitac a Vlastnosti.
2. Zalozka Upresnit.
3. V casti Spusteni a zotaveni systemu tlacitko Nastaveni.
4. Zrus zaskrtnuti u polozky Automaticky restartovat

[guesto009]

services.msc mi jde normálně spustit, ta Obnova byla pokus, kterej se nezdařil, pořád mi totiž nejde nijak vypnout

Deckard's System Scanner v20070729.57
Run by admin on 2007-07-30 at 20:08:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-07-30 18:08:51 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-07-30 17:00:56 UTC - RP1 - Kontrolní bod systému


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:47, on 30.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\admin.MACEK\Plocha\Markéta\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\ADMIN~1.MAC\Plocha\MARKTA~2\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AED2A194-2854-4D9B-9680-F3FA244A1532}: NameServer = 10.78.1.1
O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6781 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ADMIN~1.MAC\Plocha\MARKTA~2\backups\) -

backup-20070723-211328-393 O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMIN~1.MAC\LOCALS~1\Temp\svchost.exe
backup-20070723-211328-621 O20 - Winlogon Notify: winlcs32 - winlcs32.dll (file missing)
backup-20070723-211328-841 O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20070723-214319-670 O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMIN~1.MAC\LOCALS~1\Temp\svchost.exe
backup-20070723-214319-708 O20 - Winlogon Notify: winlcs32 - winlcs32.dll (file missing)
backup-20070723-214319-928 O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20070723-221009-220 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20070723-221009-395 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 ntio256 (Input and output operations) - c:\windows\system32\ntio256.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 MsaSvc (Microsoft authenticate service) - c:\windows\system32\msasvc.exe (file missing)
S4 OneStep Search Service - "c:\program files\onestepsearch\onestep.exe" "c:\program files\onestepsearch\onestep.dll" service (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-30 18:23:00 570 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Prověřit tento počítač - admin.job
2007-07-02 13:28:55 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2007-06-30 and 2007-07-30 -----------------------------

2020-12-27 19:50:36 545 --a------ C:\WINDOWS\UC.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\RAR.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\PKZIP.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\LHA.PIF
2020-12-27 19:50:36 545 --a------ C:\WINDOWS\ARJ.PIF
2020-12-27 19:50:35 0 d-------- C:\totalcmd
2020-12-27 18:32:13 0 d---s---- C:\WINDOWS\Tasks
2007-07-29 13:47:43 0 d-------- C:\Program Files\SymNetDrv
2007-07-29 13:28:49 0 d-------- C:\Program Files\Norton AntiVirus
2007-07-29 13:28:15 0 d-------- C:\Program Files\Symantec
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\zts2.exe
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\rundll16.exe
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\rundl132.dll
2007-07-28 22:05:39 0 d-a------ C:\WINDOWS\logo1_.exe
2007-07-24 00:05:11 0 d-------- C:\Program Files\uTorrent
2007-07-23 22:56:51 0 d-------- C:\Program Files\RegCleaner
2007-07-23 22:49:50 0 d-------- C:\Program Files\CCleaner
2007-07-23 12:39:24 0 d-------- C:\Program Files\QIP
2007-07-23 12:06:21 0 d-------- C:\Temp
2007-07-17 22:04:48 0 d-------- C:\Program Files\MOBILedit!
2007-07-08 14:07:45 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-05 23:37:29 0 d-------- C:\WINDOWS\system32\appmgmt
2007-07-05 23:37:29 0 d-------- C:\WINDOWS\msapps
2007-07-05 23:37:27 0 d-------- C:\WINDOWS\java
2007-07-02 13:40:54 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2007-07-01 17:25:43 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


-- Find3M Report ---------------------------------------------------------------

2007-07-30 18:59:03 0 d-------- C:\Program Files\Common Files
2007-07-30 18:52:10 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\uTorrent
2007-07-30 11:29:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 21:05:06 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\Google
2007-07-29 19:05:57 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\Macromedia
2007-07-29 18:11:22 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\Symantec
2007-07-18 20:32:04 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\Image Zone Express
2007-06-30 15:34:14 281 --a------ C:\WINDOWS\EReg072.dat
2007-06-26 13:48:56 312970 --a------ C:\WINDOWS\system32\perfh005.dat
2007-06-26 13:48:56 47206 --a------ C:\WINDOWS\system32\perfc005.dat
2007-06-04 14:11:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-04 14:10:42 0 d-------- C:\Documents and Settings\admin.MACEK\Data aplikací\Mozilla
2007-05-11 18:25:27 22976 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [15.12.2005 12:18]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [25.04.2007 20:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22.02.2007 10:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [29.07.2007 13:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02.03.2006 14:00]
"QIP2005"="C:\Program Files\QIP\qip.exe" [15.07.2007 12:43]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

*Newly Created Service* - SYSMONLOG



-- End of Deckard's System Scanner: finished at 2007-07-30 at 20:11:31 ---------

[sakiri]

Dobře k tomu proč ti nejde spustiti gpedit.msc jsem něco našel na netu zkus použít toto

[guesto009]

takhle to taky nepůjde, neboť já mám Windows XP Home Edition a tamto je na Professional a bohužel jsem udělala tu blbost, že jsem to nedočetla do konce a změnila to podle toho, ale naštěstí se vlastně nic nestalo, vše funguje pořád tak jak to fungovalo před tím než jsem to odsouhlasila, jenom se změněným Pathem

[guesto009]

to Baron Prášil : install.dat smazán, restarty zastaveny (proč jsem měla zastavit restarty?); tím problémem myslíš ten services.exe? jestli ano, tak ten se mi tu od sobotní půlnoci neobjevil a jestli myslíš to Obnovení, tak to pořád nevím, jak vypnout

[Baron Prášil]

takže hlavní problém byl odstraněn.asi zůstal trochu nakopnutej systém.

k tomu logu z combofixu

použij avenger
http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

Files to delete:
C:\WINDOWS\system32\emptyregdb.dat
C:\WINDOWS\msapps

[guesto009]

ani nevím, že jsem dělala něco v Combofixu, jinak to první bylo úspěšně vymazáno a to druhé
Error: C:\WINDOWS\msapps is a folder, not a file!
Deletion of file C:\WINDOWS\msapps failed!

[Baron Prášil]

tak že znova avenger

skript

Folders to delete:
C:\WINDOWS\msapps

[guesto009]

úsměšně vymazáno

[guesto009]

mám si udělat pro jistotu novej test v MWAV?