Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.gamethief.Bhfk


  • Please log in to reply

#1
piratess

piratess

    New Member

  • Member
  • Pip
  • 1 posts
hi, i have problem with some malvare. AcraVir is removing over and again this trojan.gamethief.Bhfk from my disk. Please help. This is log from ComboFix
ComboFix 09-07-31.01 - Piotr 2009-07-31 21:55.2.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.1023.728 [GMT 2:00]Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exeAV: ArcaVir *On-access scanning enabled* (Updated) {430EE792-8EF9-4D8A-B486-78BBF686F0E1}FW: ArcaFirewall 2008 *enabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\Installer\ba456d.msic:\windows\system32\nmdfgds1.dll.(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_AVPSYS-------\Legacy_KAVSYS-------\Service_AVPsys(((((((((((((((((((((((((   Pliki utworzone od 2009-06-28 do 2009-07-31  ))))))))))))))))))))))))))))))).Nie utworzono żadnych nowych plików w tym okresie.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-07-17 06:24 . 2007-12-20 19:13	--------	d-----w-	c:\documents and settings\TATA\Dane aplikacji\skypePM2009-07-17 06:24 . 2007-11-25 14:33	--------	d-----w-	c:\documents and settings\TATA\Dane aplikacji\Skype2009-07-11 19:29 . 2008-05-22 08:28	19184	----a-w-	c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-29 06:56 . 2009-03-18 08:28	--------	d-----w-	c:\documents and settings\MAMA\Dane aplikacji\Ahead2009-06-26 10:13 . 2009-06-26 10:13	--------	d--h--r-	c:\documents and settings\ANIA\Dane aplikacji\Chromeflower2009-06-26 10:13 . 2009-06-26 10:13	--------	d--h--r-	c:\documents and settings\ANIA\Dane aplikacji\CrystalSpace2009-06-26 10:12 . 2009-06-26 10:12	--------	d-----w-	c:\program files\ICE-land2009-06-16 19:00 . 2007-11-26 11:08	19184	----a-w-	c:\documents and settings\MAMA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-05-23 09:44 . 2009-05-23 09:44	152576	----a-w-	c:\documents and settings\Piotr\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll2009-07-27 10:19 . 2009-02-16 21:20	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 61440]"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-06-18 147456]"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-03-12 77824]"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2009-01-19 514568]"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]"ArcaCheck"="c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2009-01-19 630784]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]c:\documents and settings\PP\Menu Start\Programy\Autostart\PowerReg Scheduler.exe [2008-3-18 256000][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VPN Client.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\VPN Client.lnkbackup=c:\windows\pss\VPN Client.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^Active SMART.lnk]path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\Active SMART.lnkbackup=c:\windows\pss\Active SMART.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^HDDlife.lnk]path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\HDDlife.lnkbackup=c:\windows\pss\HDDlife.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"HDDlife HDD Access service"=2 (0x2)"SolidWorks Licensing Service"=3 (0x3)"ose"=3 (0x3)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Tlen.pl\\tlen.exe"="c:\\Program Files\\BitLord\\BitLord.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 ABTDI;ABTDI;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 75856]R2 ABFileMon;ArcaBit FileMonitor;c:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2008-05-14 158216]R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;c:\program files\ArcaBit\Common\taskscheduler.exe [2007-10-25 151552]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]R2 AVUpdate;ArcaBit Update Service;c:\progra~1\ArcaBit\ARCAUP~1\update.exe [2008-03-29 117256]R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336]R3 ABFLT;ArcaBit File Monitor Driver;c:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]R3 st3tgbus;st3tgbus;c:\windows\system32\drivers\st3tgbus.sys [2003-03-12 8640]R3 st3tiger;st3tiger;c:\windows\system32\drivers\st3tiger.sys [2003-03-12 99168]S2 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.62\ASmartService.exe --> c:\program files\ActiveSMART 2.62\ASmartService.exe [?]S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-01-30 241664]S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-ActiveSMART - c:\program files\ActiveSMART 2.62\\ActiveSMART.exe.------- Skan uzupełniający -------.uStart Page = about:blankIE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htmIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dllHandler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dllFF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\djz0fevz.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - WikipediaFF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\ArcaExt.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2009-07-31 22:01Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\Cisco Systems\VPN Client\cvpnd.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wdfmgr.exec:\program files\ArcaBit\ArcaVir\NetMonSV.exe.**************************************************************************.Czas ukończenia: 2009-07-31 22:07 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2009-07-31 20:07Przed: 5 293 764 608 bajtów wolnychPo: 5 215 989 760 bajtów wolnych130	--- E O F ---	2008-10-16 15:29

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP