IP: *.neoplus.adsl.tpnet.pl 24.12.05, 14:24
Hello. How do I remove Kenrnel64.Exe? I know it is a virus. Thank you.
    • Guest: k Re: KernelS64 IP: *.warszawa.sdi.tpnet.pl 24.12.05, 14:36
      Paste the HijackThis log on the forum (you can find HijackThis on Google).
      • Guest: Ania Re: KernelS64 IP: *.neoplus.adsl.tpnet.pl 25.12.05, 14:43
        Logfile of HijackThis v1.99.1
        Scan saved at 14:44:22, on 05-12-25
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
        C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
        C:\WINDOWS\SYSTEM\KERNELS64.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
        C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
        C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
        C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
        C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
        C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
        C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
        C:\WINDOWS\SYSTEM\TAPISRV.EXE
        C:\PROGRAM FILES\WANADOO\WATCH.EXE
        C:\WINDOWS\SYSTEM\RNAAPP.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
        Plus wita Cie w Internecie
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
        C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.EXE
        O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2
        \NAVAPW32.EXE /LOADQUIET
        O4 - HKLM\..\Run: [autoclk] autoclk.exe
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels64.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -
        service
        O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton
        SystemWorks\Norton CleanSweep\CSINJECT.EXE
        O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
        Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
        O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
        O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels64.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft
        Office\Office\FINDFAST.EXE
        O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA.EXE
        O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
        AutoUpdate) - creative.com/su/ocx/15015/CTSUEng.cab
        O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate
        Support Package) - creative.com/su/ocx/15016/CTPID.cab

        • Guest: k Re: KernelS64 IP: *.warszawa.sdi.tpnet.pl 25.12.05, 16:04
          Alt+Ctrl+Del and end:
          C:\WINDOWS\SYSTEM\KERNELS64.EXE
          Delete the file.

          In HijackThis, remove:
          O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels64.exe
          O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
          O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels64.exe

          Remove from Start->Programs->Startup:
          Microsoft Find Fast
          • Guest: Ania Re: KernelS64 IP: *.neoplus.adsl.tpnet.pl 25.12.05, 17:21
            Logfile of HijackThis v1.99.1
            Scan saved at 17:22:40, on 05-12-25
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
            C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
            C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
            C:\PROGRAM FILES\GADU-GADU\GG.EXE
            C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
            C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\WINDOWS\NOTEPAD.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.pl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
            Plus wita Cie w Internecie
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.EXE
            O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2
            \NAVAPW32.EXE /LOADQUIET
            O4 - HKLM\..\Run: [autoclk] autoclk.exe
            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
            O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -
            service
            O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton
            SystemWorks\Norton CleanSweep\CSINJECT.EXE
            O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
            Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
            O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
            O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels64.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
            O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA.EXE
            O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
            AutoUpdate) - creative.com/su/ocx/15015/CTSUEng.cab
            O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate
            Support Package) - creative.com/su/ocx/15016/CTPID.cab



            Anything else?
            • Guest: k Re: KernelS64 IP: *.warszawa.sdi.tpnet.pl 25.12.05, 18:00
              Yes, instead of pasting a new log, it is better to remove what I listed in HijackThis
              (select the entries and click Fix checked).
              • Guest: Ania Re: KernelS64 IP: *.neoplus.adsl.tpnet.pl 25.12.05, 19:29
                Thank you very much. I removed it. Happy New Year.
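
Added example, not part of the original thread: a small Python check that rejoins the forum-wrapped HijackThis lines and lists the O4 registry autostart entries still pointing at a given file, run on excerpts of the two logs above. The function names and the line-joining heuristic are assumptions of this example.

```python
import re

# Every HijackThis entry starts with a section code such as R0, O4 or O16.
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# Registry autostart entry: O4 - HKLM\..\Run: [Name] command
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")

# Excerpts of the two logs posted in the thread (first scan, then rescan).
BEFORE = r"""
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2
\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels64.exe
"""
# The rescan no longer contains the HKLM\..\Run [System] entry.
AFTER = BEFORE.replace(
    r"O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels64.exe" + "\n", "")


def rejoin(log_text):
    """Undo forum line wrapping by gluing continuation lines to their entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Heuristic: a path wrapped before a backslash had no space there.
            sep = "" if line.startswith("\\") else " "
            entries[-1] += sep + line
    return entries


def autostarts_referencing(log_text, filename):
    """Return (registry key, value name) of O4 entries whose command names the file."""
    hits = []
    for entry in rejoin(log_text):
        m = O4_REG.match(entry)
        if m and filename.lower() in m.group(3).lower():
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for label, log in (("first scan", BEFORE), ("rescan", AFTER)):
        print(label, autostarts_referencing(log, "kernels64.exe"))
```

On the rescan excerpt the two RunServices entries are still reported, which matches the reply asking for the listed entries to be fixed in HijackThis.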
