Request for help removing a virus generator
Every time the system starts, three viruses appear in the "Documents and Settings" directory:
USTAWI~1\Temp\AAWTMP\C461265\225D95\setup.exe
USTAWI~1\Temp\AAWTMP\C461265\39C2E0\setup.exe
USTAWI~1\Temp\AAWTMP\C461265\31D27F\setup.exe
and I don't know which program generates them.
Please help me identify this program.
Regards
Mirek
Replies: 2
In the Control Panel there is only Java. And can anything be read from the HijackThis log?
Logfile of HijackThis v1.99.1
Scan saved at 00:36:50, on 2006-04-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Documents and Settings\Mirosław\Moje dokumenty\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\NetMeter\NetMeter.exe
D:\Program Files\Kalendarz XP\Kalendarz.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\tlntsvr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Mirosław\Pulpit\msimn.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Mirosław\Pulpit\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\Mirosław\Moje dokumenty\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RAMCleaner start] D:\Program Files\RAMCleaner\RAMCleaner.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\Ściągacz mp3\2\BearShare.exe" /pause
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] D:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
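When reviewing a HijackThis log like the one above, the lines worth triaging first are the O4 autorun entries (Run keys and the Startup folder) and the O23 services, in particular services whose binary is missing and autoruns that launch from user-writable directories such as "Documents and Settings" or a Temp folder. The script below is an added example written for this thread, not code from HijackThis or from anyone in the discussion: it parses those line types into records and flags both conditions. The sample lines are constructed from the log posted above (with the separators normalised to plain hyphens); the "user-writable" markers are an assumption chosen for this example, not a HijackThis feature.

```python
"""Parse HijackThis-style O4/O23 lines into records a reviewer can sort and flag.

Added example (not HijackThis code). Assumes the classic v1.99 line layout:
  O4 - HKLM\..\Run: [Name] command
  O4 - Global Startup: Name.lnk = command
  O23 - Service: Name (Short) - Owner - path [(file missing)]
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample lines constructed from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\Mirosław\Moje dokumenty\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Assumed markers for directories an ordinary user can write to (example choice).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\")


@dataclass
class Entry:
    kind: str            # "run", "startup" or "service"
    name: str            # value name, .lnk name or service display name
    path: str            # executable path with arguments stripped
    location: str        # registry hive, "Global Startup" or service owner
    file_missing: bool = False


def executable_path(cmd: str) -> str:
    """Strip arguments from a Run command: honour quotes, else cut after the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_log(log_text: str) -> List[Entry]:
    """Turn O4 and O23 lines into Entry records; other line types are ignored."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], executable_path(m["cmd"]), m["hive"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Entry("startup", m["name"], executable_path(m["cmd"]), "Global Startup"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"].strip(), m["owner"], bool(m["missing"])))
    return entries


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def review(log_text: str) -> Dict[str, list]:
    """Group entries and flag missing service binaries and user-directory autoruns."""
    entries = parse_log(log_text)
    autoruns = [e for e in entries if e.kind != "service"]
    services = [e for e in entries if e.kind == "service"]
    return {
        "autoruns": autoruns,
        "services": services,
        "missing_services": [e.name for e in services if e.file_missing],
        "user_dir_autoruns": [e.name for e in autoruns if in_user_writable_dir(e.path)],
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print(f"{len(result['autoruns'])} autoruns, {len(result['services'])} services")
    print("services with missing binary:", result["missing_services"])
    print("autoruns from user-writable dirs:", result["user_dir_autoruns"])
```

Run against the sample, the script reports the MkS_Vir service whose file is missing (a stale entry worth removing, and a reminder that a partially uninstalled product may leave behind temp folders) and the Picasa entry as the only autorun starting from a profile directory. The three setup.exe files from the question would not show up here because they are not registered as autoruns at all, which is exactly why looking at the Run keys and services is the next step in finding what writes them.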
That AAWTMP is associated with Java.ByteVerify. Clear the Java cache. If it's Sun's Java, you should have a Java Plug-In applet in the Control Panel; on its Cache tab there is a Clear button. Use it and check whether it worked.