mousecm.exe
 

već par dana mi je taj proces u task manageru i ne mogu ga kilnuti :confused:
jel ima tko ideju kako se toga riješiti?

http://castlecops.com/o23list-795.html
Izgleda da imaš nekog crva.

da..ali s čim ga maknut? :confused: čim je bitdefender 'otišao' :D eto što se desi..jebo avast :grrr: :rambo:

Posalji HijackThisov log.

Imas ovdje opisano:
http://forum.pcekspert.com/showthrea...&threadid=9637

Evo:
Logfile of HijackThis v1.99.1
Scan saved at 7:08:35, on 29.6.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Applications\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
D:\Applications\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
D:\Applications\Diskeeper\DkService.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Applications\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vip.hr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] D:\Applications\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D9C73C-8AA4-4A7D-9DF1-65C042A9C88A}: NameServer = 213.191.128.8 213.191.128.9
O20 - Winlogon Notify: WB - D:\APPLIC~1\WINDOW~2\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Applications\Diskeeper\DkService.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe

već sam bila skenirala sa ht, ali sam imala neku stariju verziju koja mi nije ni registrirala taj mousecm (a ja se naravno nisam sjetila pogledat na netu jel izašla nova :rolleyes: )

Starije verzije nisu prikazivale servise a taj crv ti se tako starta.

Sredi
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe

Ima nesto na Sophosu o tome:
http://www.sophos.co.uk/virusinfo/an...32sdbotzq.html

Na stranici im pod "advanced" pise sto sve crv promjeni u registriju tako da si to mozes ispraviti

ta dva sam već probala srediti, ali ne ide..svaki put kad ponovno skeniram opet su tu :confused:

da u registriju samo promijenim to 'n' u 'y' i 00000001 u 00000000 ?

Tako je.

Ako neide preko HT-a onda ga rucno:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOUSECM
HKLM\SYSTEM\CurrentControlSet\Services\mousecm

Izbrisi oba kljuca.

Za Avast bi trebao biti:
HKLM\SYSTEM\CurrentControlSet\Services\aswUpdSv

S tim da ti to i nije toliko bitno jer cim nema filea on ti vise ne predstavlja opasnost. Ovo je samo ciscenje ostataka.

ovaj pod 'services' sam obrisala, ali ovaj pod root ne ide..kaže cannot delete: error while deleting key :eek: i još je na tri mjesta-current control set, control set 001 i 002..i ne da se nigdje obrisati.. :rambo:

ups..dupli post.. :rolleyes:
----------
evo, uspjela sam ga ubit u task manageru :D valjda se ne bude opet vratio
još samo ovo u registriju..

Pogledaj da li ti dozvoljava brisanje nakon restarta kompa.

i dalje ne mogu :mad:
ali proces više nije u task manageru :D

safe mode maybe?

brise i neizbrisivo :)

*čini mi se* da sam još prije bila probala u safe modu..al probat ću opet ;)

hmm..al ovo neće :mad:

Ostavi, ne smeta.