appdrvrem01.exe

  • vux777 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 21

An "Application Driver Auto Removal Service (01)" appeared in my services the other day. Explorer shows that the file C:\WINDOWS\System32\appdrvrem01.exe was created on 26.09.2008 at 22:26 (I only just noticed it by chance with HJT). Google mostly returns pages with warnings, and on Microsoft's pages they have never heard of such a service (via search). Is it really some kind of trojan, and have I been infected these past few days, or is it some legitimate MS service? hijackthis.exe = TR3-911.exe. If it is a trojan, could I get a short explanation of what it does... thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:49, on 29.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programi\Sandboxie\SbieSvc.exe
D:\Programi\ZoneAlarm\zlclient.exe
D:\Programi\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
D:\Programi\Sandboxie\SbieCtrl.exe
D:\Programi\Firefox\firefox.exe
D:\Programi\Sandboxie\SandboxieRpcSs.exe
D:\Programi\Sandboxie\SandboxieDcomLaunch.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\crveni_šešir.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - D:\Programi\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programi\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [D:\Programi\NetMeter\NetMeter.exe] D:\Programi\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Programi\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4394 bytes

Addendum: 30 Sep 2008 13:14

Small edit: hijackthis.exe is crveni_šešir.exe. Above I mistakenly wrote TR3-911.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I can't find any info about that service... :(

  • vux777 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 21

I dug around the net too, but in vain. Yesterday I immediately killed the service (services.msc), but it is here again. I installed Avast and updated it, ran a boot scan: it found nothing. Same thing with Ad-Aware 2007 (free): nothing. What should I do? :(

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I would say it is legitimate.
I saw in threads on other forums that they checked it and that no AV detected it as malicious.
dr_Bora thinks that this service comes with some game.

  • vux777 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 21

bobby ::
dr_Bora thinks that this service comes with some game.


Possible... The other day I installed a new game. Anyway, I killed it and deleted the exe. Thanks and regards
