jak se zbavit services.exe

Baron Prášil · Příspěvekod **Baron Prášil** » 30 črc 2007 22:41

jestli nejsou jiný potíže,než ta zpropadená obnova,tak neni třeba.

ještě se chci zeptat,ten dialog přes Tento počítač>Obnova systému je celej šedej.jde snížit velikost paměti pro obnovu?

Reklama

guesto009 · Příspěvekod **guesto009** » 30 črc 2007 22:43

jiné potíže nejsou, ta Obnova je celá šedá a s velikostí paměti se manipulovat nedá

guesto009 · Příspěvekod **guesto009** » 30 črc 2007 22:52

takže až se mi zase objeví nějaký zmetek, tak se tu zase ukážu, řekla bych, že to nebude trvat dlouho, jinak děkuju za všechnu pomoc a trpělivost

Baron Prášil · Příspěvekod **Baron Prášil** » 31 črc 2007 09:44

i za sakiriho-neni zač :wink:

na tu obnovu taky někdo něco vymyslí :bigups:

guesto009 · Příspěvekod **guesto009** » 13 srp 2007 19:14

tak jsem tu zas, jenom bych se chtěla zbavit drobností (jestli to jsou drobnosti) :

C:\System Volume Information\_restore{15378AC9-48DE-4493-BADD-CCC7F25A5308}\RP3\A0001416.exe indentifikován jako "IM-Worm.Win32.Sohanad.aw". Provedené akce: Nic nebylo provedeno.

C:\System Volume Information\_restore{15378AC9-48DE-4493-BADD-CCC7F25A5308}\RP3\A0001418.exe indentifikován jako "IM-Worm.Win32.Sohanad.aw". Provedené akce: Nic nebylo provedeno.

Baron Prášil · Příspěvekod **Baron Prášil** » 14 srp 2007 12:52

použij znova avenger

a skript

Files to delete:
C:\System Volume Information\_restore{15378AC9-48DE-4493-BADD-CCC7F25A5308}\RP3\A0001416.exe
C:\System Volume Information\_restore{15378AC9-48DE-4493-BADD-CCC7F25A5308}\RP3\A0001418.exe

použij Combofix
- po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem celý jeho obsah

guesto009 · Příspěvekod **guesto009** » 14 srp 2007 13:21

ComboFix 07-08-14.4 - "admin" 2007-08-14 13:08:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.289 [GMT 2:00]
* Created a new restore point

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 55004 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NTIO256
-------\ntio256

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 13:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 11:22 <DIR> d-------- C:\DOCUME~1\NETWOR~1.NTA\Data aplikacˇ
2007-08-13 17:44 <DIR> d-------- C:\Program Files\CCleaner
2007-08-09 14:27 <DIR> d-------- C:\Program Files\SymNetDrv
2007-08-09 10:46 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-09 10:46 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-09 10:46 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-08-09 10:45 <DIR> d-------- C:\Program Files\Symantec
2007-08-08 15:01 <DIR> d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\AdobeUM
2007-08-05 00:09 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-29 21:05 <DIR> d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Google
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-07-28 21:59 147,968 --a------ C:\WINDOWS\R.COM
2007-07-28 21:59 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-07-24 00:05 <DIR> d-------- C:\Program Files\uTorrent
2007-07-23 22:56 <DIR> d-------- C:\Program Files\RegCleaner
2007-07-23 16:56 5,505,024 --a------ C:\DOCUME~1\ADMIN~1.MAC\ntuser.dat
2007-07-23 16:56 233,472 --a------ C:\DOCUME~1\LOCALS~1.NTA\ntuser.dat
2007-07-23 12:39 <DIR> d-------- C:\Program Files\QIP

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 13:01 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\uTorrent
2007-08-10 12:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 10:46 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-07-29 18:11 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Symantec
2007-07-18 20:32 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Image Zone Express
2007-07-02 13:40 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-05-16 17:18 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:18 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:18 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:18 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2007-04-25 20:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 10:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-09 14:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 12:43]

C:\Documents and Settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 12:40:44]

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S4 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

Contents of the 'Scheduled Tasks' folder
2007-08-13 14:23:42 C:\WINDOWS\Tasks\Norton AntiVirus - Prověřit tento počítač - admin.job
2007-07-02 11:28:55 C:\WINDOWS\Tasks\rpc.job - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 13:12:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\P l á n o v a
a u t o m a t i c k é a k t u a l i z a c e L i v e U p d a t e ]
"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="C:\WINDOWS\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

Completion time: 2007-08-14 13:14:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 13:14

--- E O F ---

Baron Prášil · Příspěvekod **Baron Prášil** » 14 srp 2007 14:15

toto odinstaluj v Přidat/Odebrat RegistryPowerCleaner

potom
avenger se skriptem

Files to delete:
C:\WINDOWS\system32\msasvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.dll

Folders to delete:
C:\Program Files\Winferno\RegistryPowerCleaner

pošli log z avengera a novej z combofixu

guesto009 · Příspěvekod **guesto009** » 14 srp 2007 14:27

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dbhfkfwc

*******************

Script file located at: \??\C:\WINDOWS\system32\yfnfhkbm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\msasvc.exe not found!
Deletion of file C:\WINDOWS\system32\msasvc.exe failed!

Could not process line:
C:\WINDOWS\system32\msasvc.exe
Status: 0xc0000034

Could not open file C:\Program Files\OneStepSearch\onestep.exe for deletion
Deletion of file C:\Program Files\OneStepSearch\onestep.exe failed!

Could not process line:
C:\Program Files\OneStepSearch\onestep.exe
Status: 0xc000003a

Could not open file C:\Program Files\OneStepSearch\onestep.dll for deletion
Deletion of file C:\Program Files\OneStepSearch\onestep.dll failed!

Could not process line:
C:\Program Files\OneStepSearch\onestep.dll
Status: 0xc000003a

Could not open folder C:\Program Files\Winferno\RegistryPowerCleaner for deletion
Deletion of folder C:\Program Files\Winferno\RegistryPowerCleaner failed!

Could not process line:
C:\Program Files\Winferno\RegistryPowerCleaner
Status: 0xc000003a

Completed script processing.

*******************

Finished! Terminate.

guesto009 · Příspěvekod **guesto009** » 14 srp 2007 14:28

ComboFix 07-08-14.4 - "admin" 2007-08-14 14:23:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.290 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 13:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 11:22 <DIR> d-------- C:\DOCUME~1\NETWOR~1.NTA\Data aplikacˇ
2007-08-13 17:44 <DIR> d-------- C:\Program Files\CCleaner
2007-08-09 14:27 <DIR> d-------- C:\Program Files\SymNetDrv
2007-08-09 10:46 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-09 10:46 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-09 10:46 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-08-09 10:45 <DIR> d-------- C:\Program Files\Symantec
2007-08-08 15:01 <DIR> d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\AdobeUM
2007-08-05 00:09 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-29 21:05 <DIR> d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Google
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-07-28 22:05 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-07-28 21:59 147,968 --a------ C:\WINDOWS\R.COM
2007-07-28 21:59 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-07-24 00:05 <DIR> d-------- C:\Program Files\uTorrent
2007-07-23 16:56 5,505,024 --a------ C:\DOCUME~1\ADMIN~1.MAC\ntuser.dat
2007-07-23 16:56 233,472 --a------ C:\DOCUME~1\LOCALS~1.NTA\ntuser.dat
2007-07-23 12:39 <DIR> d-------- C:\Program Files\QIP

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 14:19 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\uTorrent
2007-08-10 12:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 10:46 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-07-29 18:11 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Symantec
2007-07-18 20:32 --------- d-------- C:\DOCUME~1\ADMIN~1.MAC\DATAAP~1\Image Zone Express
2007-07-02 13:40 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-05-16 17:18 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:18 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:18 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:18 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2007-04-25 20:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 10:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-09 14:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]

C:\Documents and Settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 12:40:44]

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S4 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

Contents of the 'Scheduled Tasks' folder
2007-08-13 14:23:42 C:\WINDOWS\Tasks\Norton AntiVirus - Prověřit tento počítač - admin.job
2007-07-02 11:28:55 C:\WINDOWS\Tasks\rpc.job - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 14:24:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\P l á n o v a
a u t o m a t i c k é a k t u a l i z a c e L i v e U p d a t e ]
"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="C:\WINDOWS\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

Completion time: 2007-08-14 14:25:53
C:\ComboFix-quarantined-files.txt ... 2007-08-14 14:25
C:\ComboFix2.txt ... 2007-08-14 13:14

--- E O F ---

Baron Prášil · Příspěvekod **Baron Prášil** » 14 srp 2007 17:04

stáhni otmoveit: http://download.bleepingcomputer.com/ol ... MoveIt.exe
spusť ho a do levého bílého okna zkopíruj tento text:

C:\WINDOWS\system32\msasvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.dll

klikni na tlacitko MoveIt a když bude chtít restart,tak ho povol

potom pošli log,kterej najdeš tady C:\_OTMoveIt\MovedFiles

guesto009 · Příspěvekod **guesto009** » 14 srp 2007 20:06

tak jsem to udělala, ale když jsem dala MoveIt, tak se mi tam vypsalo toto (log to neudělalo a nechtělo to ani restart) :

File/Folder C:\WINDOWS\system32\msasvc.exe not found.
File/Folder C:\Program Files\OneStepSearch\onestep.exe not found.
File/Folder C:\Program Files\OneStepSearch\onestep.dll not found.

jak se zbavit services.exe

Kdo je online