Ja usunąć ten problem tmpf00


(Darko80) #1

Mam ten plik za kazdym uruchomieniem komputera i za kazdym razem Avast mi go wykrywa jako wirus i usuwam a potem i tak on powraca to samo sie dzieje z mtr.....vir nie wiem ja tam brzmi dokladnie ta nazwa


(Adarek) #2

Wyłącz przywracanie systemu.


(Asterisk) #3

A masz na dysku taki program - tmpf00.exe. ?


(Darko80) #4

ten plik uruchamia sie razem z windowsem bo zawsze daje zakoncz w menadzerze zadan a lokalizjuje sie w C:\WINDOWS\System32 jets duzo tych plikow tam tmpf00.exe, i potem 01,03 itd. i zawsze je usuwam ale zawsze wracaja


(JNJN) #5

Zrób porządny scan kompa i wklej log.

http://www.centrumxp.pl/forum/viewtopic ... 533#159533


(Darko80) #6

Robilem juz skanuy z tej strony wielokrotnie usuwalo wirusy tojany ale znow powracaly i niewiem juz jak sobie poradzic ale log wkeje

Logfile of HijackThis v1.98.2

Scan saved at 09:24:34, on 2004-12-31

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 567bbcc1cd

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://portalwiedzy.onet.pl/europlus/le ... ording.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O21 - SSODL: zjSikrTC - {40F6D95D-EA5C-73F7-19AF-084A6A116F80} - C:\WINDOWS\System32\tkhxa.dll (file missing)

O21 - SSODL: eplrr - {681EBC71-254C-4C97-A948-1AEA0DACAB85} - C:\WINDOWS\System32\eplrr3.dll


(Damian) #7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/


R3 - Default URLSearchHook is missing


O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=7fd1b1487ea24557e81cb1f266ef2 780947d11d735d3f73d567bbcc1cd65aeb860d24e26488494fe11db2684f9909f72dc77fd77a214: 2e5848e0a9d3ad577e6a6478c1291781


O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://portalwiedzy.onet.pl/europlus/lekcje/localplayer/recording/yrecording.cab


O21 - SSODL: zjSikrTC - {40F6D95D-EA5C-73F7-19AF-084A6A116F80} - C:\WINDOWS\System32\tkhxa.dll (file missing)

Ten mnie zastanawia:

O21 - SSODL: eplrr - {681EBC71-254C-4C97-A948-1AEA0DACAB85} - C:\WINDOWS\System32\eplrr3.dll


(wieszak) #8

http://forum.dobreprogramy.pl/viewtopic.php?t=14452

Poczytaj i zastosuj się do rad.

Ps

Dobrze Damian że ten wpis Cię zastanawia bo to trojan :smiley: