pietro333, thread opened 6 August 2007

I have a problem: every time I turn on the computer, a strange process shows up in Task Manager, each time under a different name but with the same CPU usage (the names differ, but sometimes they repeat). Recently I had to turn off the firewall for certain reasons, and that is when it appeared. Please help. http://images25.fotosik.pl/49/5e73ae00a57adb4f.jpg
pietro333 (author), comment of 7 August 2007

I scanned the machine with an online scanner; it found a few trojans and I removed them. The problem with that process is gone, but another one appeared: when I scan Windows with Avast, it tells me that the file lsass.exe is infected with a trojan, and I can't delete it because Windows needs that file xD. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 14:17, on 2007-08-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Pietro\Pulpit\ht\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ComboFix 07-08-04.3 - "Pietro" 2007-08-07 14:10:51.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.0.1250.1.1045.18.Prawda
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\.exe

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-07 14:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 01:11 <DIR> d-------- C:\DOCUME~1\Pietro\DANEAP~1\Help
2007-08-07 00:52 <DIR> d-------- C:\Program Files\Security Task Manager
2007-08-07 00:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\SecTaskMan
2007-08-07 00:10 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-06 23:42 27,367 --a------ C:\WINDOWS\system32\rgoghaip.exe
2007-08-06 20:31 27,367 --a------ C:\WINDOWS\system32\jkgm.exe
2007-08-06 16:01 27,367 --a------ C:\WINDOWS\system32\lnlxb.exe
2007-08-06 15:20 27,367 --a------ C:\WINDOWS\system32\nacazrn.exe
2007-08-06 00:33 27,367 --a------ C:\WINDOWS\system32\lyal.exe
2007-08-05 22:37 27,367 --a------ C:\WINDOWS\system32\vvxvkv.exe
2007-08-05 21:23 27,367 --a------ C:\WINDOWS\system32\mzoz.exe
2007-08-05 17:50 27,367 --a------ C:\WINDOWS\system32\rgrtsh.exe
2007-08-05 15:20 27,367 --a------ C:\WINDOWS\system32\xmlbxsjf.exe
2007-08-05 01:41 27,367 --a------ C:\WINDOWS\system32\pmccmh.exe
2007-08-05 00:52 27,367 --a------ C:\WINDOWS\system32\vwyu.exe
2007-08-05 00:31 27,367 --a------ C:\WINDOWS\system32\lmmahg.exe
2007-08-04 19:04 27,367 --a------ C:\WINDOWS\system32\onbp.exe
2007-08-04 17:42 27,367 --a------ C:\WINDOWS\system32\ucrmflzj.exe
2007-08-03 20:37 27,367 --a------ C:\WINDOWS\system32\rkco.exe
2007-08-03 18:20 27,367 --a------ C:\WINDOWS\system32\yadn.exe
2007-08-03 16:51 27,367 --a------ C:\WINDOWS\system32\bcuilnz.exe
2007-08-03 01:20 27,367 --a------ C:\WINDOWS\system32\aykwvhh.exe
2007-08-02 22:52 27,367 --a------ C:\WINDOWS\system32\vrjfe.exe
2007-08-02 21:58 27,367 --a------ C:\WINDOWS\system32\ljyfar.exe
2007-08-02 20:53 27,367 --a------ C:\WINDOWS\system32\tzecoqtb.exe
2007-08-02 02:39 27,367 --a------ C:\WINDOWS\system32\sotvclb.exe
2007-08-01 21:05 27,367 --a------ C:\WINDOWS\system32\hoovk.exe
2007-08-01 20:15 27,367 --a------ C:\WINDOWS\system32\sfqy.exe
2007-08-01 19:18 27,367 --a------ C:\WINDOWS\system32\izhvz.exe
2007-08-01 15:47 27,367 --a------ C:\WINDOWS\system32\uspm.exe
2007-08-01 15:24 27,367 --a------ C:\WINDOWS\system32\imvt.exe
2007-07-28 23:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-26 16:46 77,720 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 16:46 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 16:46 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 16:43 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 02:36 <DIR> d-------- C:\Program Files\FLVPlayer
2007-07-11 12:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-11 12:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-11 12:48 <DIR> d-------- C:\Program Files\Google
2007-07-08 22:32 <DIR> d-------- C:\Program Files\DiskInternals
2007-07-08 22:29 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 00:03 --------- d-------- C:\Program Files\Morrowind
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 12:50 --------- d-------- C:\Program Files\Picasa2
2007-07-05 17:13 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-02 20:25 --------- d-------- C:\Program Files\Joanna d'Arc
2007-06-28 23:24 --------- d-------- C:\Program Files\7-Zip
2007-06-27 21:25 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-27 21:16 --------- d-------- C:\Program Files\EA GAMES
2007-06-27 14:56 --------- d-------- C:\Program Files\Shiny
2007-06-27 01:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 01:56 --------- d-------- C:\Program Files\Team17
2007-06-27 00:47 --------- d-------- C:\Program Files\Original War
2007-06-24 03:13 --------- d-------- C:\Program Files\The All-Seeing Eye
2007-06-24 03:09 --------- d-------- C:\Program Files\Quake III Arena
2007-06-24 01:29 --------- d-------- C:\Program Files\Mplayer
2007-06-23 20:58 --------- d-------- C:\Program Files\Rockstar Games
2007-06-23 20:54 --------- d-------- C:\Program Files\Thief
2007-06-23 20:42 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-06-23 20:42 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-06-23 20:34 --------- d-------- C:\Program Files\Cossacks
2007-06-23 20:33 53248 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-13 17:08 --------- d-------- C:\DOCUME~1\Pietro\DANEAP~1\Apple Computer
2007-06-10 03:40 --------- d-------- C:\DOCUME~1\Pietro\DANEAP~1\XTND_BTUIObjects
2007-06-10 03:37 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-10 03:32 --------- d-------- C:\Program Files\Windigo Systems

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-10 03:06]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-10 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 13:00 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-23 22:18]
"BTUSRBDG"="BtUsrBdg.exe" []
"BTSETBOOTKEY"="BTSetBootKey.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"Advanced DHTML Enable"="C:\WINDOWS\System32\tfrvf.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-30 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 16:14]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 14:12:45
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\FavoitesA151c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B50C6D59-4B4F-8861-3D6F-57B23423F4A7}]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 14:13:25
C:\ComboFix-quarantined-files.txt ... 2007-08-07 14:13
--- E O F ---

I have a feeling I copied too much xD
CatchMe, comment of 7 August 2007

Block the ports with the programs WWDC and Seconfig XP.

Download this program: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

After starting the application, paste the list of items to remove into the left window, "Paste List of Files/Folders to be Moved":

C:\WINDOWS\system32\rgoghaip.exe
C:\WINDOWS\system32\jkgm.exe
C:\WINDOWS\system32\lnlxb.exe
C:\WINDOWS\system32\nacazrn.exe
C:\WINDOWS\system32\lyal.exe
C:\WINDOWS\system32\vvxvkv.exe
C:\WINDOWS\system32\mzoz.exe
C:\WINDOWS\system32\rgrtsh.exe
C:\WINDOWS\system32\xmlbxsjf.exe
C:\WINDOWS\system32\pmccmh.exe
C:\WINDOWS\system32\vwyu.exe
C:\WINDOWS\system32\lmmahg.exe
C:\WINDOWS\system32\onbp.exe
C:\WINDOWS\system32\ucrmflzj.exe
C:\WINDOWS\system32\rkco.exe
C:\WINDOWS\system32\yadn.exe
C:\WINDOWS\system32\bcuilnz.exe
C:\WINDOWS\system32\aykwvhh.exe
C:\WINDOWS\system32\vrjfe.exe
C:\WINDOWS\system32\ljyfar.exe
C:\WINDOWS\system32\tzecoqtb.exe
C:\WINDOWS\system32\sotvclb.exe
C:\WINDOWS\system32\hoovk.exe
C:\WINDOWS\system32\sfqy.exe
C:\WINDOWS\system32\izhvz.exe
C:\WINDOWS\system32\uspm.exe
C:\WINDOWS\system32\imvt.exe

Then click "MoveIt!". The files have been moved. You will see the result of the operation in the right window, "Results". The program's log can be found at C:\_OTMoveIt\MovedFiles. After the whole operation, restart the computer.

This file: C:\WINDOWS\System32\tfrvf.exe
- Scan it at www.virustotal.com and paste the report.
- Then generate new logs and paste them on the forum.
pietro333 (author), comment of 7 August 2007

I would have posted everything already, but I don't know how to get the result from VirusTotal.
CatchMe, comment of 7 August 2007

At the end of the scan it says whether the file was infected, etc.
pietro333 (author), comment of 8 August 2007

I think that file wasn't on the computer, because when I uploaded it the message said 0 bytes sent :niewiedza:. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 02:03, on 2007-08-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pietro\Pulpit\ht\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ComboFix 07-08-04.3 - "Pietro" 2007-08-08 2:03:53.2 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.0.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-07 14:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 01:11 <DIR> d-------- C:\DOCUME~1\Pietro\DANEAP~1\Help
2007-08-07 00:52 <DIR> d-------- C:\Program Files\Security Task Manager
2007-08-07 00:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\SecTaskMan
2007-08-07 00:10 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-28 23:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-26 16:46 77,720 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 16:46 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 16:46 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 16:43 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 02:36 <DIR> d-------- C:\Program Files\FLVPlayer
2007-07-11 12:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-11 12:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-11 12:48 <DIR> d-------- C:\Program Files\Google
2007-07-08 22:32 <DIR> d-------- C:\Program Files\DiskInternals
2007-07-08 22:29 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 00:03 --------- d-------- C:\Program Files\Morrowind
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 12:50 --------- d-------- C:\Program Files\Picasa2
2007-07-05 17:13 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-02 20:25 --------- d-------- C:\Program Files\Joanna d'Arc
2007-06-28 23:24 --------- d-------- C:\Program Files\7-Zip
2007-06-27 21:25 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-27 21:16 --------- d-------- C:\Program Files\EA GAMES
2007-06-27 14:56 --------- d-------- C:\Program Files\Shiny
2007-06-27 01:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 01:56 --------- d-------- C:\Program Files\Team17
2007-06-27 00:47 --------- d-------- C:\Program Files\Original War
2007-06-24 03:13 --------- d-------- C:\Program Files\The All-Seeing Eye
2007-06-24 03:09 --------- d-------- C:\Program Files\Quake III Arena
2007-06-24 01:29 --------- d-------- C:\Program Files\Mplayer
2007-06-23 20:58 --------- d-------- C:\Program Files\Rockstar Games
2007-06-23 20:54 --------- d-------- C:\Program Files\Thief
2007-06-23 20:42 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-06-23 20:42 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-06-23 20:34 --------- d-------- C:\Program Files\Cossacks
2007-06-23 20:33 53248 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-13 17:08 --------- d-------- C:\DOCUME~1\Pietro\DANEAP~1\Apple Computer
2007-06-10 03:40 --------- d-------- C:\DOCUME~1\Pietro\DANEAP~1\XTND_BTUIObjects
2007-06-10 03:37 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-10 03:32 --------- d-------- C:\Program Files\Windigo Systems

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-10 03:06]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-10 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 13:00 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-23 22:18]
"BTUSRBDG"="BtUsrBdg.exe" []
"BTSETBOOTKEY"="BTSetBootKey.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"Advanced DHTML Enable"="C:\WINDOWS\System32\tfrvf.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-30 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 16:14]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 02:05:34
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\FavoitesA151c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B50C6D59-4B4F-8861-3D6F-57B23423F4A7}]

**************************************************************************

Completion time: 2007-08-08 2:06:30
C:\ComboFix-quarantined-files.txt ... 2007-08-08 02:06
C:\ComboFix2.txt ... 2007-08-07 14:13
--- E O F ---

[ Added: 2007-08-08, 02:12 ]
One more small question: should I delete the files that OTMoveIt moved??
CatchMe, comment of 8 August 2007

Yes, delete them.

In that case, also get rid of this file: C:\WINDOWS\System32\tfrvf.exe

After deleting the file from disk, remove this entry in HijackThis:
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe

- Paste new logs.
pietro333 (author), comment of 8 August 2007

Logfile of HijackThis v1.99.1
Scan saved at 15:56:02, on 2007-08-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pietro\Pulpit\ht\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[ Added: 2007-08-08, 16:02 ]
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe
I deleted it a long time ago and HT keeps detecting it :niewiedza:
CatchMe, comment of 9 August 2007

Download KillBox.

1. Check "Delete on reboot" and, in the "full path of file" field, paste the file path: C:\WINDOWS\System32\tfrvf.exe
2. Then click the red X; the computer will restart.

Delete the entry in HijackThis:
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\tfrvf.exe

- Paste new logs.
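An added example, not from the thread and not part of ComboFix or HijackThis, that automates the two checks CatchMe made by eye on the logs above: it groups "Files Created" entries by directory and byte size to surface a dropper that re-creates itself under a fresh random name on every boot (the 27,367-byte family), and it flags Run values whose command is an absolute path but whose bracketed metadata is empty, which the example assumes means ComboFix could not find the file on disk (the tfrvf.exe case that uploaded as 0 bytes). Both log excerpts are constructed from lines in this thread.

```python
"""Triage helpers for ComboFix-style log excerpts.

Added example; not part of the forum thread, ComboFix or HijackThis.
"""
import re
from collections import defaultdict

# Constructed excerpt of a "Files Created" section, shaped after the thread's log.
FILES_CREATED = """\
2007-08-07 14:09 51,200 --a------ C:\\WINDOWS\\nircmd.exe
2007-08-07 00:52 <DIR> d-------- C:\\Program Files\\Security Task Manager
2007-08-06 23:42 27,367 --a------ C:\\WINDOWS\\system32\\rgoghaip.exe
2007-08-06 20:31 27,367 --a------ C:\\WINDOWS\\system32\\jkgm.exe
2007-08-06 16:01 27,367 --a------ C:\\WINDOWS\\system32\\lnlxb.exe
2007-08-05 17:50 27,367 --a------ C:\\WINDOWS\\system32\\rgrtsh.exe
2007-07-26 16:46 139,264 --a------ C:\\WINDOWS\\War3Unin.exe
"""

# Constructed excerpt of a "Reg Loading Points" Run key, shaped after the thread's log.
RUN_ENTRIES = """\
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" [2007-07-28 00:03]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\\WINDOWS\\system32\\nwiz.exe]
"BTUSRBDG"="BtUsrBdg.exe" []
"Advanced DHTML Enable"="C:\\WINDOWS\\System32\\tfrvf.exe" []
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*)\]$')
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_files_created(text):
    """Return (date, time, size, attrs, path) tuples; directories get size None."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size = None if size == "<DIR>" else int(size.replace(",", ""))
        rows.append((date, time, size, attrs, path))
    return rows


def same_size_clusters(rows, min_names=3):
    """Map (directory, size) -> sorted names of .exe files that share one
    directory and one byte size under at least min_names different names.

    A dropper that rewrites itself under a random name on every run leaves
    exactly this footprint; legitimate installs rarely do.
    """
    groups = defaultdict(set)
    for _, _, size, _, path in rows:
        if size is None or not path.lower().endswith(".exe"):
            continue
        folder, _, name = path.rpartition("\\")
        groups[(folder.lower(), size)].add(name)
    return {key: sorted(names) for key, names in groups.items()
            if len(names) >= min_names}


def parse_run_entries(text):
    """Return (value_name, command, bracket_metadata) tuples."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def run_entries_missing_on_disk(entries):
    """Value names whose command is an absolute path but whose bracket is empty.

    Assumption for this example: ComboFix prints the file's timestamp inside
    the brackets when it finds the file and "[]" when it does not, so an empty
    bracket after an absolute path is a stale autorun pointing at a file that
    is already gone or hidden. Bare names such as "BtUsrBdg.exe" are resolved
    through PATH and are skipped as inconclusive.
    """
    return [name for name, command, meta in entries
            if not meta.strip() and ABS_PATH_RE.match(command)]


if __name__ == "__main__":
    clusters = same_size_clusters(parse_files_created(FILES_CREATED))
    for (folder, size), names in clusters.items():
        print(f"{len(names)} x {size} bytes in {folder}: {', '.join(names)}")
    for name in run_entries_missing_on_disk(parse_run_entries(RUN_ENTRIES)):
        print(f"Run value {name!r} points at a file that was not found on disk")
```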