mousecm.exe

fairy · 29.06.2005., 00:46

već par dana mi je taj proces u task manageru i ne mogu ga kilnuti :confused:
jel ima tko ideju kako se toga riješiti?

Veki-os · 29.06.2005., 01:09

http://castlecops.com/o23list-795.html
Izgleda da imaš nekog crva.

fairy · 29.06.2005., 01:57

da..ali s čim ga maknut? :confused: čim je bitdefender 'otišao'

eto što se desi..jebo avast

Costa · 29.06.2005., 06:09

Posalji HijackThisov log.

Imas ovdje opisano:
http://forum.pcekspert.com/showthrea...&threadid=9637

fairy · 29.06.2005., 07:17

Evo:
Logfile of HijackThis v1.99.1
Scan saved at 7:08:35, on 29.6.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Applications\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
D:\Applications\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
D:\Applications\Diskeeper\DkService.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Applications\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vip.hr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] D:\Applications\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D9C73C-8AA4-4A7D-9DF1-65C042A9C88A}: NameServer = 213.191.128.8 213.191.128.9
O20 - Winlogon Notify: WB - D:\APPLIC~1\WINDOW~2\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Applications\Diskeeper\DkService.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe

već sam bila skenirala sa ht, ali sam imala neku stariju verziju koja mi nije ni registrirala taj mousecm (a ja se naravno nisam sjetila pogledat na netu jel izašla nova

)

Costa · 29.06.2005., 07:47

Starije verzije nisu prikazivale servise a taj crv ti se tako starta.

Sredi
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe

Ima nesto na Sophosu o tome:
http://www.sophos.co.uk/virusinfo/an...32sdbotzq.html

Na stranici im pod "advanced" pise sto sve crv promjeni u registriju tako da si to mozes ispraviti

fairy · 29.06.2005., 11:48

ta dva sam već probala srediti, ali ne ide..svaki put kad ponovno skeniram opet su tu :confused:

da u registriju samo promijenim to 'n' u 'y' i 00000001 u 00000000 ?

Costa · 29.06.2005., 12:06

Tako je.

Ako neide preko HT-a onda ga rucno:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOUSECM
HKLM\SYSTEM\CurrentControlSet\Services\mousecm

Izbrisi oba kljuca.

Za Avast bi trebao biti:
HKLM\SYSTEM\CurrentControlSet\Services\aswUpdSv

S tim da ti to i nije toliko bitno jer cim nema filea on ti vise ne predstavlja opasnost. Ovo je samo ciscenje ostataka.

fairy · 29.06.2005., 12:23

ovaj pod 'services' sam obrisala, ali ovaj pod root ne ide..kaže cannot delete: error while deleting key

i još je na tri mjesta-current control set, control set 001 i 002..i ne da se nigdje obrisati..

fairy · 29.06.2005., 12:27

ups..dupli post..

----------
evo, uspjela sam ga ubit u task manageru

valjda se ne bude opet vratio
još samo ovo u registriju..

Costa · 29.06.2005., 14:45

Pogledaj da li ti dozvoljava brisanje nakon restarta kompa.

fairy · 29.06.2005., 22:01

Citiraj:

Originally posted by Costa
Pogledaj da li ti dozvoljava brisanje nakon restarta kompa.

i dalje ne mogu :mad:
ali proces više nije u task manageru

Codiac · 29.06.2005., 22:24

safe mode maybe?

brise i neizbrisivo

fairy · 29.06.2005., 22:42

Citiraj:

Originally posted by Codiac-
safe mode maybe?

brise i neizbrisivo

*čini mi se* da sam još prije bila probala u safe modu..al probat ću opet

fairy · 01.07.2005., 01:52

Citiraj:

Originally posted by Codiac-
safe mode maybe?

brise i neizbrisivo

hmm..al ovo neće :mad:

Costa · 01.07.2005., 09:02

Ostavi, ne smeta.

29.06.2005., 00:46	#1
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	mousecm.exe već par dana mi je taj proces u task manageru i ne mogu ga kilnuti :confused: jel ima tko ideju kako se toga riješiti? __________________

29.06.2005., 01:57	#3
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	da..ali s čim ga maknut? :confused: čim je bitdefender 'otišao' eto što se desi..jebo avast __________________

29.06.2005., 07:17	#5
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	Evo: Logfile of HijackThis v1.99.1 Scan saved at 7:08:35, on 29.6.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Applications\WindowBlinds\wbload.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\D-Tools\daemon.exe D:\Applications\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\GetRight\GETRIGHT.EXE C:\Program Files\GetRight\GETRIGHT.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\cisvc.exe D:\Applications\Diskeeper\DkService.exe C:\WINDOWS\System32\gearsec.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Applications\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vip.hr/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] D:\Applications\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{49D9C73C-8AA4-4A7D-9DF1-65C042A9C88A}: NameServer = 213.191.128.8 213.191.128.9 O20 - Winlogon Notify: WB - D:\APPLIC~1\WINDOW~2\fastload.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Applications\Diskeeper\DkService.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe već sam bila skenirala sa ht, ali sam imala neku stariju verziju koja mi nije ni registrirala taj mousecm (a ja se naravno nisam sjetila pogledat na netu jel izašla nova ) __________________

29.06.2005., 11:48	#7
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	ta dva sam već probala srediti, ali ne ide..svaki put kad ponovno skeniram opet su tu :confused: da u registriju samo promijenim to 'n' u 'y' i 00000001 u 00000000 ? __________________

29.06.2005., 12:23	#9
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	ovaj pod 'services' sam obrisala, ali ovaj pod root ne ide..kaže cannot delete: error while deleting key i još je na tri mjesta-current control set, control set 001 i 002..i ne da se nigdje obrisati.. __________________

29.06.2005., 01:09	#2
Veki-os Premium Moj komp Datum registracije: Jun 2004 Lokacija: Osijek Postovi: 3,996	http://castlecops.com/o23list-795.html Izgleda da imaš nekog crva.

29.06.2005., 06:09	#4
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Posalji HijackThisov log. Imas ovdje opisano: http://forum.pcekspert.com/showthrea...&threadid=9637

29.06.2005., 07:47	#6
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Starije verzije nisu prikazivale servise a taj crv ti se tako starta. Sredi O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Applications\Avast\aswUpdSv.exe (file missing) O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe Ima nesto na Sophosu o tome: http://www.sophos.co.uk/virusinfo/an...32sdbotzq.html Na stranici im pod "advanced" pise sto sve crv promjeni u registriju tako da si to mozes ispraviti

29.06.2005., 12:06	#8
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Tako je. Ako neide preko HT-a onda ga rucno: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOUSECM HKLM\SYSTEM\CurrentControlSet\Services\mousecm Izbrisi oba kljuca. Za Avast bi trebao biti: HKLM\SYSTEM\CurrentControlSet\Services\aswUpdSv S tim da ti to i nije toliko bitno jer cim nema filea on ti vise ne predstavlja opasnost. Ovo je samo ciscenje ostataka.

29.06.2005., 12:27	#10
fairy daysleeper Moj komp Datum registracije: Apr 2004 Lokacija: zaprešić Postovi: 405	ups..dupli post.. ---------- evo, uspjela sam ga ubit u task manageru valjda se ne bude opet vratio još samo ovo u registriju.. __________________ Zadnje izmijenjeno od: fairy. 29.06.2005. u 13:06.

29.06.2005., 14:45	#11
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Pogledaj da li ti dozvoljava brisanje nakon restarta kompa.

29.06.2005., 22:24	#13
Codiac bycod Datum registracije: May 2004 Lokacija: Zagreb / Dubrava Postovi: 6,699	safe mode maybe? brise i neizbrisivo __________________ .i. Razer Blade 15

01.07.2005., 09:02	#16
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Ostavi, ne smeta.

Oglasni prostor
PC Ekspert Forum Oglas