
trojan Collected 5.L

IP: *.zgora.dialog.net.pl 04.07.05, 20:16
Logfile of HijackThis v1.99.1
Scan saved at 20:09:47, on 2005-07-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuamgrnd32.exe
C:\Program Files\RAM Idle\RAMIdle.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\r34r.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
C:\Program Files\netPanel\NetPanel.exe
C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MKS\Bin\mks_virw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -
C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} -
C:\Program Files\netPanel\IEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [netPanel] "C:\Program
Files\netPanel\Starter.exe" /path="C:\Program Files\netPanel"
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Documents and
Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz
XP\Start.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-
E5ACDAA274C1}: NameServer = 217.30.137.200,217.30.129.149
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. -
C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program
Files\MKS\Bin\mks_scan.exe

    • Guest: Kolobos Re: trojan Collected 5.L IP: *.warszawa.sdi.tpnet.pl 04.07.05, 21:34
      And the same thing again: no updates and crud...

      You can't have two (or more) antiviruses; uninstall MKS and eTrust EZ
      Armor!

      Close the ports:
      www.firewallleaktester.com/tools/wwdc.exe
      Scan with this and remove everything it finds:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

      In HijackThis, delete these entries:

      F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
      O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
      O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
      O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
      O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
      O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
      C:\WINDOWS\System32\hwclock.exe (file missing)

      Then, in Task Manager, close these processes:
      xpjava.exe
      wuamgrnd32.exe
      r34r.exe

      And delete the files:
      C:\WINDOWS\System32\xpjava.exe
      C:\WINDOWS\System32\wuamgrnd32.exe
      C:\WINDOWS\System32\r34r.exe

      When you're done, paste a new log.
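
A follow-up check for a fix list like the one in the post above, as an added example (not code from this thread or from HijackThis): it parses HijackThis logs, rejoins lines the forum wrapped, and reports which listed entries and processes are still present. The function names are hypothetical, and the sample logs are abridged from the logs posted in this thread.

```python
import re

# HijackThis 1.99.x entry prefixes: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Return (processes, entries); entries are (code, text) tuples.

    A line inside the entry section that does not start a new entry is a
    forum-wrapped continuation of the previous entry.
    """
    processes, entries, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append([match.group(1), match.group(2)])
        elif section == "entries":
            prev = entries[-1][1]
            # Wrapped mid-path ("C:\PROGRA~1" / "\DAP\...") or mid-GUID
            # ("...a20b-" / "00aa...") rejoins without a space.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1][1] = prev + glue + line
        elif section == "processes":
            processes.append(line)
    return processes, [tuple(e) for e in entries]


def entry_key(code, text):
    """Comparison key that ignores case and any whitespace left by wrapping."""
    return code + "|" + re.sub(r"\s+", "", text).casefold()


def still_present(fix_list, log):
    """Entries from the fix list that the given log still contains."""
    _, wanted = parse_hijackthis(fix_list)
    _, found = parse_hijackthis(log)
    keys = {entry_key(c, t) for c, t in found}
    return [f"{c} - {t}" for c, t in wanted if entry_key(c, t) in keys]


def still_running(names, log):
    """Full paths of running processes whose file name is on the kill list."""
    wanted = {n.casefold() for n in names}
    procs, _ = parse_hijackthis(log)
    return [p for p in procs if p.rsplit("\\", 1)[-1].casefold() in wanted]


# Entries the post says to delete, copied with the forum's line wrapping.
FIX_LIST = r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
C:\WINDOWS\System32\hwclock.exe (file missing)
"""
KILL_LIST = ["xpjava.exe", "wuamgrnd32.exe", "r34r.exe"]

# Abridged from the first log in this thread (2005-07-04).
FIRST_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\System32\wuamgrnd32.exe
C:\WINDOWS\System32\r34r.exe
"""

# Abridged from the follow-up log posted in this thread (2005-07-05, 14:40).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:40:27, on 2005-07-05

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
C:\WINDOWS\System32\hwclock.exe (file missing)
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
    print("still running:", still_running(KILL_LIST, FOLLOWUP_LOG))
```
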
    • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 14:40
      Logfile of HijackThis v1.99.1
      Scan saved at 14:40:27, on 2005-07-05
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\RAM Idle\RAMIdle.exe
      C:\Program Files\Winamp3\winampa.exe
      C:\PROGRA~1\DAP\DAP.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
      C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
      C:\Program Files\Kalendarz XP\Kalendarz.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\devldr32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
      O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
      Files\DAP\DAPBHO.dll
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
      Files\DAP\DAPIEBar.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
      O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
      Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
      Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Skype] "C:\Documents and
      Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
      O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
      O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
      \DAP\dapextie2.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
      C:\PROGRA~1\DAP\DAP.EXE
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
      NameServer = 217.30.137.200,217.30.129.149
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
      C:\WINDOWS\System32\hwclock.exe (file missing)
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

        • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 16:15
          Can anyone here help... after all, this is probably the most appropriate section? Maybe
          someone has a program for removing viruses or trojans... I listened to
          one of the people giving advice and got rid of all the antiviruses... I'm left with
          only Avast... which keeps reminding me that I have a trojan... and nobody knows
          how to remove it!!!!! Somebody have mercy...
            • m.gregor Re: trojan Collected 5.L 05.07.05, 20:38
              Kolobos: I gave him exactly the same thing by e-mail yesterday. In the 3 hours
              after the first e-mail NOTHING CHANGED ON HIS END (not the updates, not the 2
              antiviruses, not the firewall). So I guess we should just let it go...
              --
              "And the man in the rain picked up his bag of secrets,
              and journeyed up the mountainside, far above the clouds,
              and nothing was ever heard from him again,
              except for the sound of Tubular Bells..."
      • Guest: Logfile of HijackT Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 15:04
        This is what I did a moment ago... that is, I refreshed Windows
        Logfile of HijackThis v1.99.1
        Scan saved at 15:03:43, on 2005-07-05
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\RAM Idle\RAMIdle.exe
        C:\Program Files\Winamp3\winampa.exe
        C:\PROGRA~1\DAP\DAP.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
        C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
        C:\Program Files\Kalendarz XP\Kalendarz.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\System32\devldr32.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
        O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
        Files\DAP\DAPBHO.dll
        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
        Files\DAP\DAPIEBar.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
        Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
        O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program
        Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
        Antivirus\CAVTray.exe"
        O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
        Antivirus\CAVRID.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Documents and
        Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
        O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
        O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
        O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
        \DAP\dapextie2.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
        C:\PROGRA~1\DAP\DAP.EXE
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
        NameServer = 217.30.137.200,217.30.129.149
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
        \Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
        C:\WINDOWS\System32\hwclock.exe (file missing)
        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

      • neder Re: trojan Collected 5.L 05.07.05, 17:36
        > > Is anyone sitting here and replying to the problems of people who got hit by some virus? Nothing left
        > but to sit down and cry!!!!!!!!!!!!


        yes, and they even pay them big money for it... what nerve, really... slacking
        off like that instead of working. They should be fired for it!


        --
        "now i have heard the wisest of wisdom
        and i have dined in palaces and kingdoms
        but nothing is as beautiful
        as when she believes when she believes in me"
          • neder Re: trojan Collected 5.L 05.07.05, 17:44
            jeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeez



            --
            "now i have heard the wisest of wisdom
            and i have dined in palaces and kingdoms
            but nothing is as beautiful
            as when she believes when she believes in me"
              • rok1978 Re: trojan Collected 5.L 05.07.05, 18:03
                But the jeeeeeeeez did make sense.

                Go and read carefully what Kolobos wrote to you. And stop complaining, because I've also
                been messing around with some crud for a second day now (and it's not pleasant).

                You should be glad that anyone wants to help you at all.
                • neder Re: trojan Collected 5.L 05.07.05, 18:08
                  sorry, I wanted to write something sensible; I thought I had written to you... on
                  the Komputery forum... and then I saw that more of your threads keep popping up on
                  yet another forum, everyone is helping you, and you're still complaining. Kolobos will help you
                  much better than I can, so I shut up; do what he writes. That's the first thing.



                  I don't know if you realize that it is not good form to rush someone
                  who is trying to help you. Seriously, nobody pays anybody here, and I assume that
                  most of us look in here during breaks from our work and our own activities. So keep
                  that in mind and don't rush everyone, and what's more, you're doing it in all 3
                  threads. Go back to them and see how many people have replied to you, and yet you keep complaining and
                  throwing around some stupid insults. That's the second thing.


                  I am a woman. That's the third thing.



                  Was that sensible enough????


                  --
                  "now i have heard the wisest of wisdom
                  and i have dined in palaces and kingdoms
                  but nothing is as beautiful
                  as when she believes when she believes in me"
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:11
                  Well of course I'm glad... because I came here only because I hoped that
                  someone would help me... I've had a computer for 5 years now and it has never happened that someone
                  explained things to me like this... I thought there were experts here and people with a pedagogical approach to
                  laymen like me... And you come at me straight away with heavy terminology...
                  that I have no idea about... I thought you would give me some program to remove
                  this trojan... that's how it always was... and I had no problem... Maybe I should
                  reinstall the system?
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:32
                  I'm working on it the whole time... and do you think I'm sitting here with nothing to do but
                  squabble and bicker with you? I want to get rid of this cr.p as quickly as possible... and nothing
                  is working for me... You gave me that Killbox... but it didn't delete that
                  file for me... first I'd probably have to... patch that "hole" in the system.....
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:56
                  Logfile of HijackThis v1.99.1
                  Scan saved at 18:57:25, on 2005-07-05
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\System32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\Program Files\RAM Idle\RAMIdle.exe
                  C:\Program Files\Winamp3\winampa.exe
                  C:\PROGRA~1\DAP\DAP.EXE
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Gadu-Gadu\gg.exe
                  C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                  C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                  C:\Program Files\Kalendarz XP\Kalendarz.exe
                  C:\WINDOWS\System32\devldr32.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Outlook Express\msimn.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  www.onet.pl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
                  O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                  Files\DAP\DAPBHO.dll
                  O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                  Files\DAP\DAPIEBar.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                  C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                  Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                  O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                  Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                  Antivirus\CAVTray.exe"
                  O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                  Antivirus\CAVRID.exe"
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                  O4 - HKCU\..\Run: [Skype] "C:\Documents and
                  Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                  O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                  O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                  O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                  \DAP\dapextie2.htm
                  O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                  res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                  C:\PROGRA~1\DAP\DAP.EXE
                  O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                  C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                  C:\WINDOWS\web\related.htm
                  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                  00aa003c157a} - C:\WINDOWS\web\related.htm
                  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                  skaner.mks.com.pl/SkanerOnline.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                  NameServer = 217.30.137.200,217.30.129.149
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                  \Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashMaiSv.exe" /service (file missing)
                  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashWebSv.exe" /service (file missing)
                  O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                  C:\WINDOWS\System32\hwclock.exe (file missing)
                  O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                  • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 19:25
                    Logfile of HijackThis v1.99.1
                    Scan saved at 19:25:37, on 2005-07-05
                    Platform: Windows XP (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\System32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    C:\Program Files\RAM Idle\RAMIdle.exe
                    C:\Program Files\Winamp3\winampa.exe
                    C:\PROGRA~1\DAP\DAP.EXE
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                    C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                    C:\Program Files\Kalendarz XP\Kalendarz.exe
                    C:\WINDOWS\System32\devldr32.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Outlook Express\msimn.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    www.onet.pl/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                    Files\DAP\DAPBHO.dll
                    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                    Files\DAP\DAPIEBar.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\System32\msdxm.ocx
                    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                    Panel\atiptaxx.exe
                    O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                    Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                    Antivirus\CAVTray.exe"
                    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                    Antivirus\CAVRID.exe"
                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                    AntiSpyware\gcasServ.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                    O4 - HKCU\..\Run: [Skype] "C:\Documents and
                    Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                    O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                    \DAP\dapextie2.htm
                    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                    C:\PROGRA~1\DAP\DAP.EXE
                    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                    C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                    00aa003c157a} - C:\WINDOWS\web\related.htm
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                    NameServer = 217.30.137.200,217.30.129.149
                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                    \Ati2evxx.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashServ.exe
                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashWebSv.exe" /service (file missing)
                    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                    C:\WINDOWS\System32\hwclock.exe (file missing)
                    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                      • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 07.07.05, 14:26
                        Were these files removed or not... can someone tell me!????

                        Logfile of HijackThis v1.99.1
                        Scan saved at 14:26:59, on 2005-07-07
                        Platform: Windows XP (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\System32\Ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\RAM Idle\RAMIdle.exe
                        C:\Program Files\Winamp3\winampa.exe
                        C:\PROGRA~1\DAP\DAP.EXE
                        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\Program Files\Gadu-Gadu\gg.exe
                        C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                        C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                        C:\Program Files\Kalendarz XP\Kalendarz.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                        C:\WINDOWS\System32\devldr32.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                        C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
                        C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.onet.pl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                        Files\DAP\DAPBHO.dll
                        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                        Files\DAP\DAPIEBar.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                        C:\WINDOWS\System32\msdxm.ocx
                        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                        Panel\atiptaxx.exe
                        O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                        O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                        Files\CyberLink\PowerDVD\PDVDServ.exe"
                        O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                        Antivirus\CAVTray.exe"
                        O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                        Antivirus\CAVRID.exe"
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                        AntiSpyware\gcasServ.exe"
                        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                        O4 - HKCU\..\Run: [Skype] "C:\Documents and
                        Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                        O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                        O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                        O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                        \DAP\dapextie2.htm
                        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                        C:\PROGRA~1\DAP\DAP.EXE
                        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                        C:\WINDOWS\web\related.htm
                        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                        00aa003c157a} - C:\WINDOWS\web\related.htm
                        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                        skaner.mks.com.pl/SkanerOnline.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                        NameServer = 217.30.137.200,217.30.129.149
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                        \Ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashMaiSv.exe" /service (file missing)
                        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashWebSv.exe" /service (file missing)
                        O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                        C:\WINDOWS\System32\hwclock.exe (file missing)
                        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                        • neder Re: trojan Collected 5.L 07.07.05, 14:55
                          Sławek, don't get upset... just look at what you were supposed to remove and
                          match it against what you still have in the log... if you can add 2 and 2,
                          it will go quite smoothly for you...

                          --
                          "now i have heard the wisest of wisdom
                          and i have dined in palaces and kingdoms
                          but nothing is as beautiful
                          as when she believes when she believes in me"
                          • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 07.07.05, 15:14
                            I can't remove this file
                            O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                            C:\WINDOWS\System32\hwclock.exe (file missing)
                            or how am I supposed to remove it, and do I need to remove anything else... Because
                            for now I have these trojans in quarantine and Avast isn't beeping that it
                            detected anything.....

                            Logfile of HijackThis v1.99.1
                            Scan saved at 15:13:36, on 2005-07-07
                            Platform: Windows XP (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\System32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashServ.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                            C:\Program Files\RAM Idle\RAMIdle.exe
                            C:\Program Files\Winamp3\winampa.exe
                            C:\PROGRA~1\DAP\DAP.EXE
                            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                            C:\WINDOWS\System32\ctfmon.exe
                            C:\Program Files\Gadu-Gadu\gg.exe
                            C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                            C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                            C:\Program Files\Kalendarz XP\Kalendarz.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                            C:\WINDOWS\System32\devldr32.exe
                            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                            C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.onet.pl/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                            O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                            Files\DAP\DAPBHO.dll
                            O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                            Files\DAP\DAPIEBar.dll
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                            C:\WINDOWS\System32\msdxm.ocx
                            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                            Panel\atiptaxx.exe
                            O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                            O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                            O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                            Files\CyberLink\PowerDVD\PDVDServ.exe"
                            O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                            Antivirus\CAVTray.exe"
                            O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                            Antivirus\CAVRID.exe"
                            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                            AntiSpyware\gcasServ.exe"
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                            O4 - HKCU\..\Run: [Skype] "C:\Documents and
                            Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                            O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                            O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                            O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                            O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                            \DAP\dapextie2.htm
                            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                            C:\PROGRA~1\DAP\DAP.EXE
                            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                            C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                            00aa003c157a} - C:\WINDOWS\web\related.htm
                            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                            skaner.mks.com.pl/SkanerOnline.cab
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                            NameServer = 217.30.137.200,217.30.129.149
                            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                            \Ati2evxx.exe
                            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashServ.exe
                            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashMaiSv.exe" /service (file missing)
                            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashWebSv.exe" /service (file missing)
                            O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                            C:\WINDOWS\System32\hwclock.exe (file missing)
                            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
