|
| |||||||
| Registruotis | Svetainės spy | Narių sąrašas | Donate | Ieškoti | Šiandien Žinutės | Pažymėti forumus kaip skaitytus | Forumo taisyklės |
 |
 |
| | Temos įrankiai |
|
#1
Rugsėjis 21, 2008, 12:02
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Logfile Trend Micro HijackThis v2.0.2 Skaitymo išsaugotas 12:01:37, on 9/21/2008 Platforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Veikia procesus: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ csrss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ ibmpmsvc.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ "Intel \ Wireless \ Bin \ S24EvMon.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Centenn.ial \ audit \ CAgent32.exe C: \ Centenn.ial \ audit \ xferwan.exe C: \ Program Files \ Cisco VPN Client \ cvpnd.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe C: \ WINDOWS \ system32 \ TPHDEXLG.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe C: \ _integra \ bin \ ccmagent.exe C: \ Program Files \ Lenovo \ system update \ suservice.exe C: \ WINDOWS \ system32 \ alg.exe C: \ WINDOWS \ system32 \ calc.exe C: \ WINDOWS \ system32 \ calc.exe C: \ _integra \ bin \ shstart.exe C: \ WINDOWS \ explorer.exe C: \ WINDOWS \ system32 \ tp4mon.exe C: \ WINDOWS \ system32 \ igfxtray.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ NWTRAY.EXE C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe C: \ WINDOWS \ system32 \ igfxsrvc.exe C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe C: \ WINDOWS \ system32 \ TpShocks.exe C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe C: \ Program Files \ Lenovo \ Zoom \ TpScrex.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe C: \ WINDOWS \ system32 \ kite taskmgr.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe F2 - REG: System.ini: UserInit = C: \ Windows \ system32 \ userinit.exe, C: \ _inte gra \ bin \ shstart.exe O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [Patvarumas] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / R O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe O4 - HKLM \ .. \ Run: [proxy TVT Scheduler] C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-tyliai O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Default user') O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61.144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61.144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro "ActiveX" Scan Konsultantas 6,6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-B592-9FD03D16CC74): Domain = keane.com O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe O23 - Service: Application Management Service (AppMgSvc) - Unknown owner - C: \ Program.exe (file missing) O23 - Service: BHCP tarnybos (BHsrv) - Unknown owner - C: \ Program.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ audit \ CAgent32.exe O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ audit \ xferwan.exe O23 - Service: Client Update Service "ir" Novell (cusrvc) - Novell, Inc - C: \ WINDOWS \ system32 \ cusrvc.exe O23 - Service: Cisco Systems, Inc VPN paslauga (CVPND) - Cisco Systems, Inc - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe O23 - Service: LIVEUPDATE - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ system update \ suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ system32 \ TPHDEXLG.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe O23 - Service: Symantec LiveState Agent for Windows (WControl) - Symantec Corporation - C: \ _integra \ bin \ ccmagent.exe -- End of file - 8.621 baitų |
|
#2
Rugsėjis 21, 2008, 15:30
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Atsisiųsti Malwarebytes 'Anti-Malware (MBAM)
Papildomos pastabos: Jei MBAM susitikimai failą, kurį sunku pašalinti, jums bus pateikiamas kartu su 1, 2 ekrane, spustelėkite Gerai, kad nors ir tegul MBAM elgtis su dezinfekavimo procesą, jei paprašys perkrauti kompiuterį, prašome tai padaryti nedelsiant.
__________________  |
|
#3
Rugsėjis 21, 2008, 18:18
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Nr kenkėjiškų rasti, čia pranešimas -------------------------------------------------- ---- Windows 5.1.2600 Service Pack 2 9/21/2008 6:16:07 mbam-log-2008-09-21 (18-16-07). Txt Scan Type: Quick Scan Objektai nuskaitomi: 52.621 Praėjęs laikas: 4 minutės (-ai), 41 second (s) Atminties procesai Infected: 0 Atminties moduliai Infected: 0 Registro raktus Infected: 0 Vertybių registrą Infected: 0 Registro duomenų elementų Infected: 0 Katalogai Infected: 0 Failai Infected: 0 Atminties procesai Infected: (Nr. kenksminga daiktų aptikti) Atminties moduliai Infected: (Nr. kenksminga daiktų aptikti) Registro raktus Infected: (Nr. kenksminga daiktų aptikti) Vertybių registrą Infected: (Nr. kenksminga daiktų aptikti) Registro duomenų elementų Infected: (Nr. kenksminga daiktų aptikti) Katalogai Infected: (Nr. kenksminga daiktų aptikti) Failai Infected: (Nr. kenksminga daiktų aptikti) |
|
#4
Rugsėjis 21, 2008, 18:40
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Nėra jokių kenkėjiškų programų, nurodydami, turite prisijungti. Kas tiksliai vyksta?
__________________ |
|
#5
Rugsėjis 21, 2008, 19:23
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Keli IEXPLORER.EXE proceso spwaning procesą, sąrašą. Jie nedelsiant Iššokantis jei aš juos nužudys po vieną. Kartais man taip pat išgirsti apie kaip vienas iš tų rodyti visus naršyklės langus, bet nėra matomas garsų. Yra tikrai neteisinga jie neturėjo egzistuoti. |
|
#6
Rugsėjis 21, 2008, 19:26
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Parsisiųsti ComboFix iki einantys iš vienos iš žemiau nuorodų. Būtinai įrašykite jį į viršų Desktop. Link # 1 Link # 2 ** Pastaba: Svarbu, kad ji yra saugomi tiesiai darbalaukyje Uždarykite visus atidarytus interneto naršyklių. (Firefox, Internet Explorer, ir tt) prieš pradedant ComboFix. Laikinai daryti nepajėgų tavo AntivirusIr bet Antispyware realaus laiko apsauga prieš atlikti nuskaitymo. Spauskite šį saitą matyti saugumo programų sąrašą, kuris turėtų būti išjungtas ir kaip juos išjungti. Dukart spustelėkite combofix.exe ir vykdykite ekrane pateikiamas instrukcijas. Baigę ComboFix gamins žurnalas Jums. Skelbti ComboFix Prisijungti ir nauja HijackThis Jūsų kitą atsakymą. Svarbu: Don't mouseclick ComboFix lango kol jis veikia. Tai gali sukelti ją gardas. Atminkite, kad vėl įjungti antivirusinės ir apsaugos nuo šnipinėjimo programų, kai ComboFix baigtas.
__________________ |
|
#7
Rugsėjis 21, 2008, 19:42
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log ComboFix Prisijungti ----------------------- ComboFix 08-09-20.05 - 012466 2008-09-21 19:31:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT -7:00] Veikia nuo: C: \ Keanetools \ ComboFix.exe * Sukurtas naujas atkūrimo taškas ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!! . ((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt C: \ WINDOWS \ system32 \ x64 . ((((((((((((((((((((((((((((((((((((((( Drivers / Paslaugos )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_BHSRV ------- \ Service_BHsrv ((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/22 iki 2008/09/22 ))))))))))) )))))))))))))))))))) . 2008-09-21 18:09. 2008-09-21 18:10 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware 2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \012.466 \ Application Data \ Malwarebytes 2008-09-21 18:09. 2008-09-10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-09-21 18:09. 2008-09-10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-09-21 11:07. 2008-09-21 11:07 <DIR> d -------- C: \ Program Files \ Lavasoft 2008-09-21 11:07. 2008-09-21 11:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft 2008-09-21 11:06. 2008-09-21 11:06 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-09-20 23:40. 2008-09-20 23:40 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-09-19 09:03. 2008-09-19 09:08 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel 2008-09-19 00:49. 2008-09-19 00:52 <DIR> d -------- C: \ Documents and Settings \012.466 \. Housecall6.6 2008-09-19 00:27. 2008-09-19 09:04 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-09-18 20:25. 2002-02-04 06:22 1.230.336 - ------ C: \ WINDOWS \ system32 \ Msxml4.dll 2008-09-18 20:25. 2007-09-14 05:01 922.920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe 2008-09-18 20:25. 2002-02-04 06:13 82.432 - ------ C: \ WINDOWS \ system32 \ Msxml4r.dll 2008-09-18 20:25. 2002-02-04 06:13 44.544 - ------ C: \ WINDOWS \ system32 \ msxml4a.dll 2008-09-18 20:25. 2002-02-07 18:43 9.679 - ------ C: \ WINDOWS \ system32 \ msxml4r.cat 2008-09-18 20:25. 2002-02-07 18:43 9.675 - ------ C: \ WINDOWS \ system32 \ msxml4.cat 2008-09-18 20:25. 2002-02-06 20:31 3.489 - ------ C: \ WINDOWS \ system32 \ msxml4.Manifest 2008-09-18 20:25. 2002-02-06 20:31 500 - ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest 2008-09-18 20:21. 2008-09-18 20:21 <DIR> d -------- C: \ Program Files \ Common Files \ Lenovo 2008-09-18 18:27. 2008-09-21 11:54 21.272 - ------ C: \ WINDOWS \ system32 \ bynpea.key 2008-09-18 18:25. 2008-09-18 18:25 1 - ------ C: \ WINDOWS \ system32 \004fdb9.imi 2008-09-15 14:23. 2008-09-15 14:23 332.800 --- SS ---- C: \ WINDOWS \ system32 \ _Bhsrv.msi 2008-09-15 12:15. 2008-09-18 15:57 69.942 - ------ C: \ WINDOWS \ system32 \ rrjack.key 2008-09-15 12:15. 2008-09-15 12:15 1 - ------ C: \ WINDOWS \ system32 \0048444.imi 2008-09-13 19:27. 2008-09-13 19:27 24 - ------ C: \ WINDOWS \ cdplayer.ini 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Real 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Xing bendrai 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Real . (((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-22 02:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008-09-22 02:33 --------- d ----- w C: \ Program Files \ Cisco VPN Client 2008-09-21 18:56 16 - P - R: C: \ MSCIOTL.SYS 2008-09-21 18:55 8.416 ---- AW C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS 2008-09-20 19:26 430.816 - SH - w C: \ Program Files \ _MsInfo.msi 2008-09-19 03:25 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija 2008-09-19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage 2008-09-19 03:21 --------- d ----- w C: \ Program Files \ Lenovo . ((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] "Yahoo! Gaviklis" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848] "HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328] "Patvarumas" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2007-08-15 137752] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2006-03-24 53408] "vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656] "TPHOTKEY" = "C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe" [2007-03-09 66176] "UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592] "dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037] "EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp. Exe [2007-04-26 243248] "LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368] "TVT Scheduler proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe" [2008-03-04 487424] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896] "TrackPointSrv" = "tp4mon.exe" [2004-08-03 C: \ WINDOWS \ system32 \ tp4mon.exe] "NWTRAY" = "NWTRAY.EXE" [2002/03/12 C: \ WINDOWS \ system32 \ nwtray.exe] "TpShocks" = "TpShocks.exe" [2007/03/29 C: \ WINDOWS \ system32 \ TpShocks.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Communicator" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ System] "CompatibleRUPSecurity" = 1 (0x1) [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ dab rentversion \ Policies \ Explorer] "StartMenuLogOff" = 1 (0x1) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tpfnf2] 2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ HotKey \ notifyf2.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tphotkey] 2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa] Autentifikavimas Paketai REG_MULTI_SZ msv1_0 nwv1_0 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ System32 \ \ sessmgr.exe" = "C: \ Program Files \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ Program Files \ Yahoo! \ \ Messenger \ \ YServer.exe" = R0 Shockprf; Shockprf, C: \ WINDOWS \ system32 \ drivers \ Apsx 86.sys [2007-03-02 100656] R0 TPDIGIMN; TPDIGIMN, C: \ WINDOWS \ system32 \ drivers \ ApsH M86.sys [2007-03-02 19760] R2 smefs; SMEFileSystem, C: \ WINDOWS \ system32 \ drivers \ SM efs.sys [2006-02-08 20508] R3 CdProbe; CdProbe, C: \ WINDOWS \ system32 \ drivers \ cdprob e.sys [2008-09-21 8416] R3 smedrv; SMEDriver, C: \ WINDOWS \ system32 \ drivers \ smedr v.sys [2006-02-08 9516] S2 AppMgSvc; Application Management Service, C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi [2008-09-20 430816] S2 yraebbgi; yraebbgi, C: \ WINDOWS \ system32 \ drivers \ bynp ea.sys [] S2 yrtxzgwh; yrtxzgwh, C: \ WINDOWS \ system32 \ drivers \ rrja ck.sys [] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost] wrtxzg REG_MULTI_SZ wrtxzg nraebb REG_MULTI_SZ nraebb . . ------- Papildomos Scan ------- . R0 -: HKCU-Main, Start Page = hxxp: / / www.google.com/ O8 -: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000 . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net Rootkit scan 2008-09-21 19:35:12 Windows 5.1.2600 Service Pack 2 NTFS skenavimo paslėptus procesus ... skenavimo paslėptas autostart entries ... skenavimo paslėptus failus ... skenavimas baigtas sėkmingai paslėptus failus: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Services \ ppMgSvc] "ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi" . --------------------- DLL Loaded Pagal aktyvūs procesai --------------------- Procesą: C: \ WINDOWS \ system32 \ winlogon.exe -> C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll . ------------------------ Kitos aktyvūs procesai ----------------------- -- . C: \ WINDOWS \ system32 \ ibmpmsvc.exe C: \ Program Files \ "Intel \ Wireless \ Bin \ S24EvMon.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe C: \ _integra \ bin \ shstart.exe C: \ WINDOWS \ system32 \ igfxsrvc.exe C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe C: \ Program Files \ Lenovo \ ZOOM \ TpScrex.exe C: \ Program Files \ Symantec AntiVirus \ DoScan.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ CENTENN.IAL \ audit \ CAgent32.exe C: \ CENTENN.IAL \ audit \ xferwan.exe C: \ Program Files \ Cisco VPN Client \ cvpnd.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe C: \ WINDOWS \ system32 \ calc.exe C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe C: \ WINDOWS \ system32 \ TPHDEXLG.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe C: \ _integra \ bin \ ccmagent.exe C: \ Program Files \ Lenovo \ System Update \ SUService.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ ComboFix \ pv.cfexe . ************************************************** ************************ . Atlikimo laikas: 2008-09-21 19:36:58 - mašina buvo paleistas ComboFix-karantine-files.txt 2008-09-22 02:36:54 Pre-Rida: 64333811712 bytes nemokamai Post-Rida: 64523264000 bytes nemokamai 175 HijackThis ----------------------------------- Logfile Trend Micro HijackThis v2.0.2 Skaitymo išsaugotas 7:38:41 dėl 9/21/2008 Platforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Veikia procesus: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ ibmpmsvc.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ "Intel \ Wireless \ Bin \ S24EvMon.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ _integra \ bin \ shstart.exe C: \ WINDOWS \ system32 \ tp4mon.exe C: \ WINDOWS \ system32 \ igfxtray.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ NWTRAY.EXE C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe C: \ WINDOWS \ system32 \ igfxsrvc.exe C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe C: \ Program Files \ Lenovo \ Zoom \ TpScrex.exe C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe C: \ WINDOWS \ system32 \ TpShocks.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ WINDOWS \ System32 \ svchost.exe C: \ Centenn.ial \ audit \ CAgent32.exe C: \ Centenn.ial \ audit \ xferwan.exe C: \ Program Files \ Cisco VPN Client \ cvpnd.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe C: \ WINDOWS \ system32 \ calc.exe C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe C: \ WINDOWS \ system32 \ TPHDEXLG.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe C: \ _integra \ bin \ ccmagent.exe C: \ Program Files \ Lenovo \ system update \ suservice.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ Explorer.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [Patvarumas] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / R O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe O4 - HKLM \ .. \ Run: [proxy TVT Scheduler] C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-tyliai O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Default user') O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61.144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61.144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro "ActiveX" Scan Konsultantas 6,6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-B592-9FD03D16CC74): Domain = keane.com Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (D239A412-22C2-4683-95BC-1FFAA687D0DF): NameServer = 172.21.18.101,172.21.18.102 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe O23 - Service: Application Management Service (AppMgSvc) - Unknown owner - C: \ Program.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ audit \ CAgent32.exe O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ audit \ xferwan.exe O23 - Service: Client Update Service "ir" Novell (cusrvc) - Novell, Inc - C: \ WINDOWS \ system32 \ cusrvc.exe O23 - Service: Cisco Systems, Inc VPN paslauga (CVPND) - Cisco Systems, Inc - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe O23 - Service: LIVEUPDATE - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ system update \ suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ system32 \ TPHDEXLG.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe O23 - Service: Symantec LiveState Agent for Windows (WControl) - Symantec Corporation - C: \ _integra \ bin \ ccmagent.exe -- End of file - 8.581 baitų |
|
#8
Rugsėjis 21, 2008, 21:24
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Pastaba Toliau instrukcijos buvo sukurtas specialiai šiam vartotojui. Jei nėra šio vartotojo NĖRA laikytis šių nurodymų, nes jie gali sugadinti jūsų sistemos veikimą Ištrinti šiuos failus / aplankus, taip: 1. Pereiti į Pradžia > Bėgti > Pagal tipą Notepad.exe ir paspauskite Gerai atidarykite "Notepad". Tai privalėti būti Notepad, WordPad nėra. 2. Kopijuoti tekstą žemiau kodą langelyje, pabrėžiant visą tekstą ir paspausdami Ctrl + C Kodas Killall: Driver: BHSRV BHsrv File: C: \ WINDOWS \ system32 \ bynpea.key C: \ WINDOWS \ system32 \ 004fdb9.imi C: \ WINDOWS \ system32 \ _Bhsrv.msi C: \ WINDOWS \ system32 \ rrjack. pagrindinis C: \ WINDOWS \ system32 \ 0048444.imi C: \ WINDOWS \ system32 \ drivers \ bynpea.sys C: \ WINDOWS \ system32 \ drivers \ rrjack.sys C: \ WINDOWS \ system32 \ calc.exe 4. Tada spustelėkite Failas > Saugoti 5. Bylos pavadinimas CFScript.txt - Išsaugokite šį failą savo darbalaukyje 6. Vilkite CFScript (paspauskite ir laikykite kairįjį pelės klavišą, vilkite failą) ir palikite jį (spaudai kairįjį pelės mygtuką) į ComboFix.exe kaip matote ekrano apačioje. Svarbu: Atlikti šį nurodymą atidžiai!  ComboFix bus pradėti vykdyti, tiesiog vykdykite ekrane pateikiamas instrukcijas. Po perkrovimo (jei ji prašo paleisti), tai duos žurnalas Jums. Rašyti, kad žurnalas (Combofix.txt) į jūsų kitą atsakymą. Pastaba Don't mouseclick ComboFix lango kol jis veikia. Tai gali sukelti jūsų sistema įšaldyti
__________________ |
|
#9
Rugsėjis 21, 2008, 22:20
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log ComboFix Prisijungti paleidus CFSCript -------------------------------------------------- -------- ComboFix 08-09-20.05 - 012466 2008-09-21 22:11:45.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00] Veikia nuo: C: \ Keanetools \ ComboFix.exe Command jungikliai naudojami: C: \ Documents and Settings \012.466 \ Desktop \ CFScript.txt * Sukurtas naujas atkūrimo taškas ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!! Failas: C: \ WINDOWS \ system32 \ _Bhsrv.msi C: \ WINDOWS \ system32 \0048444.imi C: \ WINDOWS \ system32 \004fdb9.imi C: \ WINDOWS \ system32 \ bynpea.key C: \ WINDOWS \ system32 \ calc.exe C: \ WINDOWS \ system32 \ drivers \ bynpea.sys C: \ WINDOWS \ system32 \ drivers \ rrjack.sys C: \ WINDOWS \ system32 \ rrjack.key . ((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ _Bhsrv.msi C: \ WINDOWS \ system32 \0048444.imi C: \ WINDOWS \ system32 \004fdb9.imi C: \ WINDOWS \ system32 \ bynpea.key C: \ WINDOWS \ system32 \ calc.exe C: \ WINDOWS \ system32 \ rrjack.key . ((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/22 iki 2008/09/22 ))))))))))) )))))))))))))))))))) . 2008-09-21 18:09. 2008-09-21 18:10 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware 2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \012.466 \ Application Data \ Malwarebytes 2008-09-21 18:09. 2008-09-10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-09-21 18:09. 2008-09-10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-09-21 11:07. 2008-09-21 11:07 <DIR> d -------- C: \ Program Files \ Lavasoft 2008-09-21 11:07. 2008-09-21 11:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft 2008-09-21 11:06. 2008-09-21 11:06 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-09-20 23:40. 2008-09-20 23:40 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-09-19 09:03. 2008-09-19 09:08 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel 2008-09-19 00:49. 2008-09-19 00:52 <DIR> d -------- C: \ Documents and Settings \012.466 \. Housecall6.6 2008-09-19 00:27. 2008-09-19 09:04 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-09-18 20:25. 2002-02-04 06:22 1.230.336 - ------ C: \ WINDOWS \ system32 \ Msxml4.dll 2008-09-18 20:25. 2007-09-14 05:01 922.920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe 2008-09-18 20:25. 2002-02-04 06:13 82.432 - ------ C: \ WINDOWS \ system32 \ Msxml4r.dll 2008-09-18 20:25. 2002-02-04 06:13 44.544 - ------ C: \ WINDOWS \ system32 \ msxml4a.dll 2008-09-18 20:25. 2002-02-07 18:43 9.679 - ------ C: \ WINDOWS \ system32 \ msxml4r.cat 2008-09-18 20:25. 2002-02-07 18:43 9.675 - ------ C: \ WINDOWS \ system32 \ msxml4.cat 2008-09-18 20:25. 2002-02-06 20:31 3.489 - ------ C: \ WINDOWS \ system32 \ msxml4.Manifest 2008-09-18 20:25. 2002-02-06 20:31 500 - ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest 2008-09-18 20:21. 2008-09-18 20:21 <DIR> d -------- C: \ Program Files \ Common Files \ Lenovo 2008-09-13 19:27. 2008-09-13 19:27 24 - ------ C: \ WINDOWS \ cdplayer.ini 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Real 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Xing bendrai 2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Real . (((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-22 05:14 8.416 ---- AW C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS 2008-09-22 05:14 16 - P - R: C: \ MSCIOTL.SYS 2008-09-22 05:14 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008-09-22 03:07 --------- d ----- w C: \ Program Files \ Cisco VPN Client 2008-09-20 19:26 430.816 - SH - w C: \ Program Files \ _MsInfo.msi 2008-09-19 03:25 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija 2008-09-19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage 2008-09-19 03:21 --------- d ----- w C: \ Program Files \ Lenovo . ((((((((((((((((((((((((((((( Snapshot@2008-09-21_19.36.38.64 )))))))))) ))))))))))))))))))))))))))))))) . - 2008-09-21 18:59:45 71.370 ---- AW C: \ WINDOWS \ system32 \ perfc009.dat + 2008-09-22 02:39:43 71.370 ---- AW C: \ WINDOWS \ system32 \ perfc009.dat - 2008-09-21 18:59:45 439.832 ---- AW C: \ WINDOWS \ system32 \ perfh009.dat + 2008-09-22 02:39:43 439.832 ---- AW C: \ WINDOWS \ system32 \ perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] "Yahoo! Gaviklis" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848] "HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328] "Patvarumas" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2007-08-15 137752] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2006-03-24 53408] "vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656] "TPHOTKEY" = "C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe" [2007-03-09 66176] "UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592] "dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037] "EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp. Exe [2007-04-26 243248] "LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368] "TVT Scheduler proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe" [2008-03-04 487424] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896] "TrackPointSrv" = "tp4mon.exe" [2004-08-03 C: \ WINDOWS \ system32 \ tp4mon.exe] "NWTRAY" = "NWTRAY.EXE" [2002/03/12 C: \ WINDOWS \ system32 \ nwtray.exe] "TpShocks" = "TpShocks.exe" [2007/03/29 C: \ WINDOWS \ system32 \ TpShocks.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Communicator" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ System] "CompatibleRUPSecurity" = 1 (0x1) [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ dab rentversion \ Policies \ Explorer] "StartMenuLogOff" = 1 (0x1) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tpfnf2] 2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ HotKey \ notifyf2.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tphotkey] 2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa] Autentifikavimas Paketai REG_MULTI_SZ msv1_0 nwv1_0 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ System32 \ \ sessmgr.exe" = "C: \ Program Files \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ Program Files \ Yahoo! \ \ Messenger \ \ YServer.exe" = R0 Shockprf; Shockprf, C: \ WINDOWS \ system32 \ drivers \ Apsx 86.sys [2007-03-02 100656] R0 TPDIGIMN; TPDIGIMN, C: \ WINDOWS \ system32 \ drivers \ ApsH M86.sys [2007-03-02 19760] R2 smefs; SMEFileSystem, C: \ WINDOWS \ system32 \ drivers \ SM efs.sys [2006-02-08 20508] R3 CdProbe; CdProbe, C: \ WINDOWS \ system32 \ drivers \ cdprob e.sys [2008-09-21 8416] R3 smedrv; SMEDriver, C: \ WINDOWS \ system32 \ drivers \ smedr v.sys [2006-02-08 9516] S2 AppMgSvc; Application Management Service, C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi [2008-09-20 430816] S2 yraebbgi; yraebbgi, C: \ WINDOWS \ system32 \ drivers \ bynp ea.sys [] S2 yrtxzgwh; yrtxzgwh, C: \ WINDOWS \ system32 \ drivers \ rrja ck.sys [] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost] wrtxzg REG_MULTI_SZ wrtxzg nraebb REG_MULTI_SZ nraebb . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net Rootkit scan 2008-09-21 22:16:04 Windows 5.1.2600 Service Pack 2 NTFS skenavimo paslėptus procesus ... skenavimo paslėptas autostart entries ... skenavimo paslėptus failus ... C: \ WINDOWS \ system32 \ calc.exe skenavimas baigtas sėkmingai hidden files: 1 ************************************************** ************************ [HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Services \ ppMgSvc] "ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi" . --------------------- DLL Loaded Pagal aktyvūs procesai --------------------- Procesą: C: \ WINDOWS \ system32 \ winlogon.exe -> C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll . ------------------------ Kitos aktyvūs procesai ----------------------- -- . C: \ WINDOWS \ system32 \ ibmpmsvc.exe C: \ Program Files \ "Intel \ Wireless \ Bin \ S24EvMon.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ CENTENN.IAL \ audit \ CAgent32.exe C: \ CENTENN.IAL \ audit \ xferwan.exe C: \ Program Files \ Cisco VPN Client \ cvpnd.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe C: \ WINDOWS \ system32 \ TPHDEXLG.exe C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe C: \ _integra \ bin \ ccmagent.exe C: \ Program Files \ Lenovo \ System Update \ SUService.exe C: \ _integra \ bin \ shstart.exe C: \ WINDOWS \ system32 \ igfxsrvc.exe C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe C: \ Program Files \ Lenovo \ ZOOM \ TpScrex.exe C: \ Program Files \ Symantec AntiVirus \ DoScan.exe C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe C: \ ComboFix \ pv.cfexe . ************************************************** ************************ . Atlikimo laikas: 2008-09-21 22:17:28 - mašina buvo paleistas ComboFix-karantine-files.txt 2008-09-22 05:17:23 ComboFix2.txt 2008-09-22 02:36:59 Pre-Rida: 64509464576 bytes nemokamai Post-Rida: 64505421824 bytes nemokamai 181 |
|
#10
Rugsėjis 21, 2008, 22:26
| |||
| |||
| IEXPLORER.EXE virusas pls peržiūra Hijack log Atsisiųsti OTMoveIt2 iki Oldtimerir išsaugokite jį savo Desktop. Pastaba Jei dirbate su Vista, paspauskite dešiniuoju pelės klavišu ir pasirinkti OTMoveIt2.exe Vykdyti kaip administratorius. 1. Dukart spustelėkite OTMoveIt2.exe paleisti. 2. Kopijuoti ir codebox žemiau linijos. Kodas [nužudyti Explorer] "C: \ WINDOWS \ system32 \ calc.exe HKEY_LOCAL_MACHINE \ System \ controlset001 \ Services \ AppMgSvc EmptyTemp [Start Explorer] 4. Spauskite raudoną Moveit! mygtuką. 5. Kopijuoti viską Rezultatų langas (pagal žalia juosta) ir įklijuokite jį į kitą atsakymą. 6. Uždaryti OTMoveIt2 Pastaba: Jei failo arba aplanko negalima perkelti iš karto jums gali tekti iš naujo paleisti kompiuterį, kad būtų baigti pereiti procesą. Jei prašoma iš naujo paleisti kompiuterį, pasirinkite Taip. Jei ne, perkraukite anyway.
__________________ |
|
| |
| Bookmarks |
Panašios Temos | ||||
| Siūlas | Thread Starter | Forumas | Atsakymai | Last Post |
| Šalinama iexplore.exe virusas / svetimą Prisijungti | xalice15x | Virus, Spyware & Security | 16 | Lapkritis 12, 2008 19:43 |
| IEXPLORER.EXE virusas - Please help me! | Panda | Virus, Spyware & Security | 2 | 6 spalis 2008 14:55 |
| Gaunu bone.exe virusas mano naršyklė IExplorer | damandg | Virus, Spyware & Security | 12 | 14 liepa 2008 14:31 |
| IEXPLORER.EXE virusas | iuboy2006 | Virus, Spyware & Security | 9 | Kovas 26, 2008 08:12 |
| Avssytemcare iššokantį virusas ir pan - (įeina hijack this) | apsukrus | Virus, Spyware & Security | 23 | Rugsėjis 4, 2007 16:15 |
| Temos įrankiai | |
| |
