Iexplorer.exe virus, please review hijack log
#1
21 September 2008, 12:02
New member
 
Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 12:01:37 dňa 9.21.2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny
Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Centenn.ial \ Audit \ CAgent32.exe
C: \ Centenn.ial \ Audit \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
c: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ suservice.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ calc.exe
c: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ tp4mon.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ NWTRAY.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp.Exe
C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
C: \ WINDOWS \ system32 \ TpShocks.exe
C: \ Program Files \ Lenovo \ Hotkey \ TPONSCR.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe
C: \ Program Files \ Lenovo \ Zväčąi \ TpScrex.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ Taskmgr.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ softvéru WBEM \ wmiprvse.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ softvéru WBEM \ wmiprvse.exe
F2 - REG: system.ini: UserInit = c: \ windows \ system32 \ userinit.exe, C: \ _inte gra \ bin \ shstart.exe
O2 - BHO: AcroIEHlprObj triedy - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Perzistencia] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp.Exe
O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe
O4 - HKLM \ .. \ Run: [TVT Plánovač Proxy] C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Network Service')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Predvolené užívateľ')
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra tlačidlá: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-b592-9FD03D16CC74): Domain = keane.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
O23 - Service: Správa aplikácií Service (AppMgSvc) - Neznámy vlastník - C: \ Program.exe (súbor chýba)
O23 - Service: BHCP Service (BHsrv) - Neznámy vlastník - C: \ Program.exe (súbor chýba)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ Audit \ CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ Audit \ xferwan.exe
O23 - Service: Klient Update Service pre Novell (cusrvc) - Novell, Inc - C: \ WINDOWS \ system32 \ cusrvc.exe
O23 - Service: Cisco Systems, Inc VPN Service (CVPND) - Cisco Systems, Inc - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Intel (R) PROSet / Wireless udalostí (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec sieť Ovládače Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ System Update \ suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ system32 \ TPHDEXLG.exe
O23 - Service: TVT Plánovač - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
O23 - Service: Symantec LiveState splnomocnenec pre Windows (WControl) - Symantec Corporation - c: \ _integra \ bin \ ccmagent.exe
--
Koniec súboru - 8621 bytes
#2
21 September 2008, 15:30
Group moderator
 
Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the on-screen prompts to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#3
21 September 2008, 18:18
New member
 
No malware found, here is the report
------------------------------------------------------
Windows 5.1.2600 Service Pack 2
9/21/2008 6:16:07 PM
mbam-log-2008-09-21 (18-16-07). txt
Vyhľadávať typ: Quick Scan
Objekty skenovanej: 52621
Doba letu: 4 minút (y) 41 sekúnd (y)
Pamäťové procesy Infikovaná: 0
Infikované pamäťové moduly: 0
Infikované kľúče databázy Registry: 0
Infikované hodnoty databázy Registry: 0
Infikované položky dat registru: 0
Infikované zložky: 0
Infikované súbory: 0
Infikované pamäťové procesy:
(Žiadne položky zistený škodlivý)
Infikované pamäťové moduly:
(Žiadne položky zistený škodlivý)
Infikované kľúče databázy Registry:
(Žiadne položky zistený škodlivý)
Infikované hodnoty databázy Registry:
(Žiadne položky zistený škodlivý)
Infikované položky údajov databázy Registry:
(Žiadne položky zistený škodlivý)
Infikované zložky:
(Žiadne položky zistený škodlivý)
Infikované súbory:
(Žiadne položky zistený škodlivý)
#4
21 September 2008, 18:40
Group moderator
 
There is no malware showing in either log.

What is happening?
#5
21 September 2008, 19:23
New member
 
Multiple Iexplorer.exe processes are spawning in the process list. They pop up again immediately when you kill them one by one. Sometimes I also hear some sounds, like the ones that play in each browser window, but nothing is visible. It is definitely wrong and should not be there.
#6
21 September 2008, 19:26
Group moderator
 
Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop.

Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important note: Don't mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and anti-spyware protection when ComboFix is complete.
#7
21 September 2008, 19:42
New member
 
ComboFix Log
-----------------------
ComboFix 08-09-20.05 - 012466 2008-09-21 19:31:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT -7:00]
Spustenie z: C: \ Keanetools \ ComboFix.exe
* Vznik nového bodu obnovenia
POZOR-Tento stroj nemá konzoly na obnovenie namontovanom!
.
((((((((((((((((((((((((((((((((((((((( Ostatné Vymazanie ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ WINDOWS \ system32 \ x64
.
((((((((((((((((((((((((((((((((((((((( Ovládače / Služby )))))))) )))))))))))))))))))))))))))))))))))))))))
.
------- \ Legacy_BHSRV
------- \ Service_BHsrv

((((((((((((((((((((((((( Súbory vytvorené od 2008-08-22 do 2008-09-22 ))))))))))) ))))))))))))))))))))
.
2008-09-21 18:09. 2008-09-21 18:10 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Malwarebytes
2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \012466 \ Data aplikací \ Malwarebytes
2008-09-21 18:09. 2008-09-10 00:04 38528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-21 18:09. 2008-09-10 00:03 17200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-21 11:07. 2008-09-21 11:07 <DIR> d -------- C: \ Program Files \ Lavasoft
2008-09-21 11:07. 2008-09-21 11:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Lavasoft
2008-09-21 11:06. 2008-09-21 11:06 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2008-09-20 23:40. 2008-09-20 23:40 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-09-19 09:03. 2008-09-19 09:08 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-09-19 00:49. 2008-09-19 00:52 <DIR> d -------- C: \ Documents and Settings \012466 \. Housecall6.6
2008-09-19 00:27. 2008-09-19 09:04 <DIR> da ------ C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP
2008-09-18 20:25. 2002-02-04 06:22 1230336 - a ------ C: \ WINDOWS \ system32 \ msxml4.dll
2008-09-18 20:25. 2007-09-14 05:01 922920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe
2008-09-18 20:25. 2002-02-04 06:13 82432 - a ------ C: \ WINDOWS \ system32 \ Msxml4r.dll
2008-09-18 20:25. 2002-02-04 06:13 44544 - a ------ C: \ WINDOWS \ system32 \ msxml4a.dll
2008-09-18 20:25. 2002-02-07 18:43 9679 - a ------ C: \ WINDOWS \ system32 \ msxml4r.cat
2008-09-18 20:25. 2002-02-07 18:43 9675 - a ------ C: \ WINDOWS \ system32 \ msxml4.cat
2008-09-18 20:25. 2002-02-06 20:31 3489 - a ------ C: \ WINDOWS \ system32 \ msxml4.Manifest
2008-09-18 20:25. 2002-02-06 20:31 500 - a ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest
2008-09-18 20:21. 2008-09-18 20:21 <DIR> d -------- C: \ Program Files \ Common Files \ Lenovo
2008-09-18 18:27. 2008-09-21 11:54 21272 - a ------ C: \ WINDOWS \ system32 \ bynpea.key
2008-09-18 18:25. 2008-09-18 18:25 1 - a ------ C: \ WINDOWS \ system32 \004fdb9.imi
2008-09-15 14:23. 2008-09-15 14:23 332.800 --- hs ---- C: \ WINDOWS \ system32 \ _Bhsrv.msi
2008-09-15 12:15. 2008-09-18 15:57 69942 - a ------ C: \ WINDOWS \ system32 \ rrjack.key
2008-09-15 12:15. 2008-09-15 12:15 1 - a ------ C: \ WINDOWS \ system32 \0048444.imi
2008-09-13 19:27. 2008-09-13 19:27 24 - a ------ C: \ WINDOWS \ cdplayer.ini
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Real
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Xing zdieľané
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 02:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-22 02:33 --------- d ----- w C: \ Program Files \ Cisco VPN klient
2008-09-21 18:56 16 - sh - r C: \ MSCIOTL.SYS
2008-09-21 18:55 8.416 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS
2008-09-20 19:26 430.816 - sh - w C: \ Program Files \ _MsInfo.msi
2008-09-19 03:25 --------- d - h - w C: \ Program Files \ InstallShield Informácie o inštalácii
2008-09-19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage
2008-09-19 03:21 --------- d ----- w C: \ Program Files \ Lenovo
.
((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328]
"Vytrvalosť" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2007-08-15 137752]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-03-24 53408]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656]
"TPHOTKEY" = "C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe" [2007-03-09 66176]
"UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592]
"dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037]
"EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp. Exe" [2007-04-26 243248]
"LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368]
"TVT Plánovač Proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe" [2008-03-04 487424]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896]
"TrackPointSrv" = "tp4mon.exe" [2004-08-03 C: \ WINDOWS \ system32 \ tp4mon.exe]
"NWTRAY" = "NWTRAY.EXE" [2002-03-12 C: \ WINDOWS \ system32 \ nwtray.exe]
"TpShocks" = "TpShocks.exe" [2007-03-29 C: \ WINDOWS \ system32 \ TpShocks.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Komunikátor" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"CompatibleRUPSecurity" = 1 (0x1)
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ teraz rentversion \ Policies \ Explorer]
"StartMenuLogoff" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \ tpfnf2]
2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ Hotkey \ notifyf2.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \ tphotkey]
2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ Hotkey \ tphklock.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA]
Autentizácia Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% Windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
R0 Shockprf; Shockprf, C: \ WINDOWS \ system32 \ DRIVERS \ Apsx 86.sys [2007-03-02 100656]
R0 TPDIGIMN; TPDIGIMN, C: \ WINDOWS \ system32 \ DRIVERS \ ApsH M86.sys [2007-03-02 19760]
R2 smefs; SMEFileSystem, C: \ WINDOWS \ system32 \ drivers \ sm efs.sys [2006-02-08 20508]
R3 CdProbe; CdProbe, C: \ WINDOWS \ system32 \ DRIVERS \ cdprob e.sys [2008-09-21 8416]
R3 smedrv; SMEDriver, C: \ WINDOWS \ system32 \ drivers \ smedr v.sys [2006-02-08 9516]
S2 AppMgSvc; Aplikácia Management Service, C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi [2008-09-20 430816]
S2 yraebbgi; yraebbgi, C: \ WINDOWS \ system32 \ drivers \ bynp ea.sys []
S2 yrtxzgwh; yrtxzgwh, C: \ WINDOWS \ system32 \ drivers \ rrja ck.sys []
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
wrtxzg REG_MULTI_SZ wrtxzg
nraebb REG_MULTI_SZ nraebb
.
.
------- Doplnkový Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.com/
O8 -: E & xportovať do programu Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 19:35:12
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesov ...
skenování skrytých položiek autostart ...
skenování skrytých súborov ...
scan úspešne dokončená
skryté súbory: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ A ppMgSvc]
"ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi"
.
--------------------- DLL Nabito pod tečúcou procesy ---------------------
PROCESS: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ Program Files \ Lenovo \ Hotkey \ tphklock.dll
.
------------------------ Iné spustených procesov ----------------------- --
.
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ Hotkey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ ZOOM \ TpScrex.exe
C: \ Program Files \ Symantec AntiVirus \ DoScan.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ CENTENN.IAL \ AUDÍTORSKÉ \ CAgent32.exe
C: \ CENTENN.IAL \ AUDÍTORSKÉ \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
C: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ SUService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ ComboFix \ pv.cfexe
.
************************************************** ************************
.
Dokončenie čas: 2008-09-21 19:36:58 - stroj bol reštartuje
ComboFix-karantény-files.txt 2008-09-22 02:36:54
Pre-Spustiť: 64333811712 bytes zdarma
Post-Spustiť: 64523264000 bytes zdarma
175

HijackThis Log
-----------------------------------
Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 7:38:41 hodín, na 9.21.2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny
Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
c: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ tp4mon.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ NWTRAY.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp.Exe
C: \ Program Files \ Lenovo \ Hotkey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ Zväčąi \ TpScrex.exe
C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
C: \ WINDOWS \ system32 \ TpShocks.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Centenn.ial \ Audit \ CAgent32.exe
C: \ Centenn.ial \ Audit \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
c: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ suservice.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj triedy - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Perzistencia] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp.Exe
O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe
O4 - HKLM \ .. \ Run: [TVT Plánovač Proxy] C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Network Service')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Predvolené užívateľ')
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra tlačidlá: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-b592-9FD03D16CC74): Domain = keane.com
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (D239A412-22C2-4683-95BC-1FFAA687D0DF): nameserver = 172.21.18.101,172.21.18.102
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
O23 - Service: Správa aplikácií Service (AppMgSvc) - Neznámy vlastník - C: \ Program.exe (súbor chýba)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ Audit \ CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ Audit \ xferwan.exe
O23 - Service: Klient Update Service pre Novell (cusrvc) - Novell, Inc - C: \ WINDOWS \ system32 \ cusrvc.exe
O23 - Service: Cisco Systems, Inc VPN Service (CVPND) - Cisco Systems, Inc - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Intel (R) PROSet / Wireless udalostí (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec sieť Ovládače Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ System Update \ suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ system32 \ TPHDEXLG.exe
O23 - Service: TVT Plánovač - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
O23 - Service: Symantec LiveState splnomocnenec pre Windows (WControl) - Symantec Corporation - c: \ _integra \ bin \ ccmagent.exe
--
Koniec súboru - 8581 bytes
  #8  
Old 21. September 2008, 21:24
Group Moderator
 
Note: The instructions below were written specifically for this user. If you are not this user, DON'T follow these instructions, as they could damage the running of your system.

Delete these files / folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below to the clipboard by highlighting ALL of the text and pressing Ctrl + C

Code:
Killall::
Driver::
BHSRV
BHsrv
File::
C:\WINDOWS\system32\bynpea.key
C:\WINDOWS\system32\004fdb9.imi
C:\WINDOWS\system32\_Bhsrv.msi
C:\WINDOWS\system32\rrjack.key
C:\WINDOWS\system32\0048444.imi
C:\WINDOWS\system32\drivers\bynpea.sys
C:\WINDOWS\system32\drivers\rrjack.sys
C:\WINDOWS\system32\calc.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your computer
6. Then drag CFScript (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the picture below. Important note: Carry out the instructions carefully!



ComboFix will begin to run; just follow the prompts.
After the reboot (if it asks to reboot the system), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Don't mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________

  #9  
Old 21. September 2008, 22:20
New group member
 
ComboFix log after running CFScript
----------------------------------------------------------
ComboFix 08-09-20.05 - 012466 2008-09-21 22:11:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00]
Spustenie z: C: \ Keanetools \ ComboFix.exe
Command prepínačov používa:: C: \ Documents and Settings \012466 \ Desktop \ CFScript.txt
* Vznik nového bodu obnovenia
POZOR-Tento stroj nemá konzoly na obnovenie namontovanom!
FILE::
C: \ WINDOWS \ system32 \ _Bhsrv.msi
C: \ WINDOWS \ system32 \0048444.imi
C: \ WINDOWS \ system32 \004fdb9.imi
C: \ WINDOWS \ system32 \ bynpea.key
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ drivers \ bynpea.sys
C: \ WINDOWS \ system32 \ drivers \ rrjack.sys
C: \ WINDOWS \ system32 \ rrjack.key
.
((((((((((((((((((((((((((((((((((((((( Ostatné Vymazanie ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ _Bhsrv.msi
C: \ WINDOWS \ system32 \0048444.imi
C: \ WINDOWS \ system32 \004fdb9.imi
C: \ WINDOWS \ system32 \ bynpea.key
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ rrjack.key
.
((((((((((((((((((((((((( Súbory vytvorené od 2008-08-22 do 2008-09-22 ))))))))))) ))))))))))))))))))))
.
2008-09-21 18:09. 2008-09-21 18:10 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Malwarebytes
2008-09-21 18:09. 2008-09-21 18:09 <DIR> d -------- C: \ Documents and Settings \012466 \ Data aplikací \ Malwarebytes
2008-09-21 18:09. 2008-09-10 00:04 38528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-21 18:09. 2008-09-10 00:03 17200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-21 11:07. 2008-09-21 11:07 <DIR> d -------- C: \ Program Files \ Lavasoft
2008-09-21 11:07. 2008-09-21 11:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Lavasoft
2008-09-21 11:06. 2008-09-21 11:06 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2008-09-20 23:40. 2008-09-20 23:40 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-09-19 09:03. 2008-09-19 09:08 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-09-19 00:49. 2008-09-19 00:52 <DIR> d -------- C: \ Documents and Settings \012466 \. Housecall6.6
2008-09-19 00:27. 2008-09-19 09:04 <DIR> da ------ C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP
2008-09-18 20:25. 2002-02-04 06:22 1230336 - a ------ C: \ WINDOWS \ system32 \ msxml4.dll
2008-09-18 20:25. 2007-09-14 05:01 922920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe
2008-09-18 20:25. 2002-02-04 06:13 82432 - a ------ C: \ WINDOWS \ system32 \ Msxml4r.dll
2008-09-18 20:25. 2002-02-04 06:13 44544 - a ------ C: \ WINDOWS \ system32 \ msxml4a.dll
2008-09-18 20:25. 2002-02-07 18:43 9679 - a ------ C: \ WINDOWS \ system32 \ msxml4r.cat
2008-09-18 20:25. 2002-02-07 18:43 9675 - a ------ C: \ WINDOWS \ system32 \ msxml4.cat
2008-09-18 20:25. 2002-02-06 20:31 3489 - a ------ C: \ WINDOWS \ system32 \ msxml4.Manifest
2008-09-18 20:25. 2002-02-06 20:31 500 - a ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest
2008-09-18 20:21. 2008-09-18 20:21 <DIR> d -------- C: \ Program Files \ Common Files \ Lenovo
2008-09-13 19:27. 2008-09-13 19:27 24 - a ------ C: \ WINDOWS \ cdplayer.ini
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Real
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Xing zdieľané
2008-09-13 19:26. 2008-09-13 19:26 <DIR> d -------- C: \ Program Files \ Common Files \ Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 05:14 8.416 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS
2008-09-22 05:14 16 - sh - r C: \ MSCIOTL.SYS
2008-09-22 05:14 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-22 03:07 --------- d ----- w C: \ Program Files \ Cisco VPN klient
2008-09-20 19:26 430.816 - sh - w C: \ Program Files \ _MsInfo.msi
2008-09-19 03:25 --------- d - h - w C: \ Program Files \ InstallShield Informácie o inštalácii
2008-09-19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage
2008-09-19 03:21 --------- d ----- w C: \ Program Files \ Lenovo
.
((((((((((((((((((((((((((((( Snapshot@2008-09-21_19.36.38.64 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-09-21 18:59:45 71.370 ---- aw C: \ WINDOWS \ system32 \ Perfc009.dat
+ 2008-09-22 02:39:43 71.370 ---- aw C: \ WINDOWS \ system32 \ Perfc009.dat
- 2008-09-21 18:59:45 439.832 ---- aw C: \ WINDOWS \ system32 \ Perfh009.dat
+ 2008-09-22 02:39:43 439.832 ---- aw C: \ WINDOWS \ system32 \ Perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328]
"Vytrvalosť" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2007-08-15 137752]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-03-24 53408]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656]
"TPHOTKEY" = "C: \ Program Files \ Lenovo \ Hotkey \ TPOSDSVC.exe" [2007-03-09 66176]
"UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592]
"dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037]
"EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILITY ~ 1 \ EzEjMnAp. Exe" [2007-04-26 243248]
"LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368]
"TVT Plánovač Proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ scheduler_proxy.exe" [2008-03-04 487424]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896]
"TrackPointSrv" = "tp4mon.exe" [2004-08-03 C: \ WINDOWS \ system32 \ tp4mon.exe]
"NWTRAY" = "NWTRAY.EXE" [2002-03-12 C: \ WINDOWS \ system32 \ nwtray.exe]
"TpShocks" = "TpShocks.exe" [2007-03-29 C: \ WINDOWS \ system32 \ TpShocks.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Komunikátor" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"CompatibleRUPSecurity" = 1 (0x1)
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ teraz rentversion \ Policies \ Explorer]
"StartMenuLogoff" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \ tpfnf2]
2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ Hotkey \ notifyf2.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \ tphotkey]
2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ Hotkey \ tphklock.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA]
Autentizácia Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% Windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
R0 Shockprf; Shockprf, C: \ WINDOWS \ system32 \ DRIVERS \ Apsx 86.sys [2007-03-02 100656]
R0 TPDIGIMN; TPDIGIMN, C: \ WINDOWS \ system32 \ DRIVERS \ ApsH M86.sys [2007-03-02 19760]
R2 smefs; SMEFileSystem, C: \ WINDOWS \ system32 \ drivers \ sm efs.sys [2006-02-08 20508]
R3 CdProbe; CdProbe, C: \ WINDOWS \ system32 \ DRIVERS \ cdprob e.sys [2008-09-21 8416]
R3 smedrv; SMEDriver, C: \ WINDOWS \ system32 \ drivers \ smedr v.sys [2006-02-08 9516]
S2 AppMgSvc; Aplikácia Management Service, C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi [2008-09-20 430816]
S2 yraebbgi; yraebbgi, C: \ WINDOWS \ system32 \ drivers \ bynp ea.sys []
S2 yrtxzgwh; yrtxzgwh, C: \ WINDOWS \ system32 \ drivers \ rrja ck.sys []
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
wrtxzg REG_MULTI_SZ wrtxzg
nraebb REG_MULTI_SZ nraebb
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 22:16:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesov ...
skenování skrytých položiek autostart ...
skenování skrytých súborov ...

C: \ WINDOWS \ system32 \ calc.exe
scan úspešne dokončená
skryté súbory: 1
************************************************** ************************
[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ A ppMgSvc]
"ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MsInfo.msi"
.
--------------------- DLL Nabito pod tečúcou procesy ---------------------
PROCESS: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ Program Files \ Lenovo \ Hotkey \ tphklock.dll
.
------------------------ Iné spustených procesov ----------------------- --
.
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ CENTENN.IAL \ AUDÍTORSKÉ \ CAgent32.exe
C: \ CENTENN.IAL \ AUDÍTORSKÉ \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Plánovač \ tvtsched.exe
C: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ SUService.exe
C: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ Hotkey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ ZOOM \ TpScrex.exe
C: \ Program Files \ Symantec AntiVirus \ DoScan.exe
C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe
C: \ ComboFix \ pv.cfexe
.
************************************************** ************************
.
Dokončenie čas: 2008-09-21 22:17:28 - stroj bol reštartuje
ComboFix-karantény-files.txt 2008-09-22 05:17:23
ComboFix2.txt 2008-09-22 02:36:59
Pre-Spustiť: 64509464576 bytes zdarma
Post-Spustiť: 64505421824 bytes zdarma
181
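The two logs in this thread show the pattern a helper looks for before writing a CFScript: a service whose path HijackThis reports as missing and whose owner is unknown (AppMgSvc), a ComboFix service entry whose image is an .msi rather than an executable, and driver entries with an empty `[]` where ComboFix would normally print the file's date and size (bynpea.sys, rrjack.sys). The script below is an added example for this thread, not part of HijackThis, ComboFix or the forum's own tooling; it parses constructed sample lines modelled on the O23 and S2/R3 entries above (paths normalised, wording put back into English) and lists which services deserve a closer look. It reads text only and removes nothing.

```python
"""Triage helper for HijackThis O23 lines and ComboFix service entries.

Added example for this thread; not HijackThis, ComboFix or forum code.
It only reads log text and reports what to look at.
"""
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the O23 and S2/R3 entries posted in
# the thread (paths normalised, English wording). Not a real capture.
SAMPLE_LINES = [
    r"O23 - Service: Application Management Service (AppMgSvc) - Unknown owner - C:\Program.exe (file missing)",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
    r"O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe",
    r"S2 AppMgSvc; Application Management Service, C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.msi [2008-09-20 430816]",
    r"S2 yraebbgi; yraebbgi, C:\WINDOWS\system32\drivers\bynpea.sys []",
    r"S2 yrtxzgwh; yrtxzgwh, C:\WINDOWS\system32\drivers\rrjack.sys []",
    r"R3 CdProbe; CdProbe, C:\WINDOWS\system32\DRIVERS\cdprobe.sys [2008-09-21 8416]",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# HijackThis: "O23 - Service: <display> (<name>) - <vendor> - <path>"
# The "(<name>)" part is optional because some entries omit it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>.+)$"
)
# ComboFix: "<start> <name>; <display>, <path> [<date> <size>]"
CF_SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<display>[^,]+), "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
EXECUTABLE_EXT = (".exe", ".sys", ".dll")


@dataclass(frozen=True)
class Finding:
    service: str
    reason: str
    path: str


def _check_o23(m: re.Match) -> list:
    name = m["name"] or m["display"]
    path = m["path"]
    out = []
    if "(file missing)" in path:
        out.append(Finding(name, "service points at a missing binary", path))
    if m["vendor"].strip().lower() == "unknown owner":
        out.append(Finding(name, "binary carries no vendor information", path))
    return out


def _check_combofix(m: re.Match) -> list:
    name, path, meta = m["name"], m["path"], m["meta"].strip()
    out = []
    if not meta:
        # ComboFix prints [] when it could not read the file: hidden or gone.
        out.append(Finding(name, "no on-disk date/size (file hidden or absent)", path))
    if not path.lower().endswith(EXECUTABLE_EXT):
        out.append(Finding(name, "image path is not an executable or driver", path))
    return out


def triage(log_text: str) -> list:
    """Return one Finding per suspicious attribute found in the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            findings.extend(_check_o23(m))
            continue
        m = CF_SVC_RE.match(line)
        if m:
            findings.extend(_check_combofix(m))
    return findings


def flagged_services(log_text: str) -> dict:
    """Group reasons by service name so a reader sees each service once."""
    grouped = {}
    for f in triage(log_text):
        grouped.setdefault(f.service, []).append(f.reason)
    return grouped


if __name__ == "__main__":
    for svc, reasons in flagged_services(SAMPLE_LOG).items():
        print(f"{svc}: {'; '.join(reasons)}")
```

On the sample above it flags AppMgSvc (missing binary, unknown owner, .msi image), yraebbgi and yrtxzgwh (no file metadata) and leaves the Symantec, Lenovo and CdProbe entries alone. The checks are deliberately narrow: a hit means "look at this", never "delete this", because a legitimate service can also show up with an unknown owner after a broken uninstall.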
  #10  
Old 21. September 2008, 22:26
Group Moderator
 
Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and select Run as Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\system32\calc.exe
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgSvc
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine in order to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.
__________________
