trojan Collected 5.L

IP: *.zgora.dialog.net.pl 04.07.05, 20:16
Logfile of HijackThis v1.99.1
Scan saved at 20:09:47, on 2005-07-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuamgrnd32.exe
C:\Program Files\RAM Idle\RAMIdle.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\r34r.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
C:\Program Files\netPanel\NetPanel.exe
C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MKS\Bin\mks_virw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -
C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} -
C:\Program Files\netPanel\IEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [netPanel] "C:\Program
Files\netPanel\Starter.exe" /path="C:\Program Files\netPanel"
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Documents and
Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz
XP\Start.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-
E5ACDAA274C1}: NameServer = 217.30.137.200,217.30.129.149
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. -
C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program
Files\MKS\Bin\mks_scan.exe

    • Guest: Kolobos Re: trojan Collected 5.L IP: *.warszawa.sdi.tpnet.pl 04.07.05, 21:34
      And the same thing again: no updates and a mess of junk...

      You can't have two (or more) antivirus programs; uninstall MKS and eTrust EZ
      Armor!

      Close the ports:
      www.firewallleaktester.com/tools/wwdc.exe
      Scan with this and remove everything it finds:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

      In HijackThis, delete these entries:

      F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
      O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
      O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
      O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
      O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
      O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
      C:\WINDOWS\System32\hwclock.exe (file missing)

      Then, in Task Manager, end these processes:
      xpjava.exe
      wuamgrnd32.exe
      r34r.exe

      And delete the files:
      C:\WINDOWS\System32\xpjava.exe
      C:\WINDOWS\System32\wuamgrnd32.exe
      C:\WINDOWS\System32\r34r.exe

      When you're done, paste a new log.
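
The triage behind the entry list above, as an added example that is not part of the original post: Python code that rejoins the forum-wrapped HijackThis lines and flags the two patterns visible in the listed F2 and O4 entries, an extra program appended to UserInit and Run/RunServices values that name a bare file without a path. The function names and both heuristics are assumptions of this example; the sample input is excerpted from logs posted in this thread.

```python
import re

# Excerpts of two logs posted in this thread, forum line wrapping kept as posted.
FIRST_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SERV PacK2] r34r.exe
O4 - HKLM\..\RunServices: [Microsoft Reg] wuamgrnd32.exe
O4 - HKLM\..\RunServices: [SERV PacK2] r34r.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Reg] wuamgrnd32.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz
XP\Start.exe
"""
FOLLOW_UP_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
RUN_ENTRY = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def rejoin(text):
    """Merge wrapped continuation lines so that each list item is one entry.

    Header and process-list lines before the first entry are skipped.
    A continuation that starts with a backslash was split inside a path,
    so it is joined without a space; everything else is joined with one.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += ("" if line.startswith("\\") else " ") + line
    return entries


def executable(command):
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = PROGRAM.match(command)
    return m.group(1) if m else command.split()[0]


def analyze(text):
    """Return (section, location, file) tuples for entries worth a closer look."""
    findings = []
    for entry in rejoin(text):
        m = USERINIT.match(entry)
        if m:
            # Anything listed next to userinit.exe is started at every logon.
            for prog in filter(None, (p.strip() for p in m.group(1).split(","))):
                if prog.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                    findings.append(("F2", "UserInit", prog))
            continue
        m = RUN_ENTRY.match(entry)
        if m:
            key, name, command = m.groups()
            exe = executable(command)
            if "\\" not in exe:  # bare file name, no directory given
                findings.append(("O4", f"{key} [{name}]", exe))
    return findings


def suspect_files(findings):
    """Distinct file names behind the findings, for the process and file steps."""
    return sorted({f[2].lower() for f in findings})


def still_present(before, after):
    """Findings from the first log that the follow-up log still contains."""
    remaining = analyze(after)
    return [f for f in analyze(before) if f in remaining]


if __name__ == "__main__":
    for finding in analyze(FIRST_LOG):
        print(*finding, sep=" | ")
    print("files:", suspect_files(analyze(FIRST_LOG)))
    print("still present:", still_present(FIRST_LOG, FOLLOW_UP_LOG))
```

These two heuristics reproduce the F2 and O4 entries on the list above but not the O9 and O23 ones, and a bare file name in a Run value is only a reason to look closer, since Windows resolves it through the search path for legitimate entries as well.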
    • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 14:40
      Logfile of HijackThis v1.99.1
      Scan saved at 14:40:27, on 2005-07-05
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\RAM Idle\RAMIdle.exe
      C:\Program Files\Winamp3\winampa.exe
      C:\PROGRA~1\DAP\DAP.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
      C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
      C:\Program Files\Kalendarz XP\Kalendarz.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\devldr32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
      O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
      Files\DAP\DAPBHO.dll
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
      Files\DAP\DAPIEBar.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
      O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
      Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
      Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Skype] "C:\Documents and
      Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
      O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
      O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
      \DAP\dapextie2.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
      C:\PROGRA~1\DAP\DAP.EXE
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
      NameServer = 217.30.137.200,217.30.129.149
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
      C:\WINDOWS\System32\hwclock.exe (file missing)
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

      • Guest: Logfile of HijackT Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 15:04
        What I did a moment ago... that is, I refreshed Windows
        Logfile of HijackThis v1.99.1
        Scan saved at 15:03:43, on 2005-07-05
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\RAM Idle\RAMIdle.exe
        C:\Program Files\Winamp3\winampa.exe
        C:\PROGRA~1\DAP\DAP.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
        C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
        C:\Program Files\Kalendarz XP\Kalendarz.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\System32\devldr32.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
        O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
        Files\DAP\DAPBHO.dll
        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
        Files\DAP\DAPIEBar.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
        Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
        O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program
        Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
        Antivirus\CAVTray.exe"
        O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
        Antivirus\CAVRID.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Documents and
        Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
        O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
        O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
        O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
        \DAP\dapextie2.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
        C:\PROGRA~1\DAP\DAP.EXE
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
        NameServer = 217.30.137.200,217.30.129.149
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
        \Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
        C:\WINDOWS\System32\hwclock.exe (file missing)
        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

      • neder Re: trojan Collected 5.L 05.07.05, 17:36
        > > Is anyone sitting here answering the problems of people who've had some virus sneak in? All you can
        > do is sit down and cry!!!!!!!!!!!!

        yes, and they even get paid big money for it... what nerve, really... and to think they
        slack off instead of working. They should be fired for that!
              • rok1978 Re: trojan Collected 5.L 05.07.05, 18:03
                Oh jeeeeeez, but it did make sense.

                Go and read carefully what Kolobos wrote to you. And stop complaining, because I've also
                been messing around with some junk for the second day now (and it's not pleasant).

                You should be glad that anyone wants to help you at all.
                • neder Re: trojan Collected 5.L 05.07.05, 18:08
                  sorry, I meant to write something sensible, I thought I had written to you... on
                  the Komputery forum... and then I saw that more of your threads keep springing up on
                  yet another forum, everyone is helping you, and you still complain. Kolobos will help you
                  far better than I can, so I kept quiet; do what he writes. That's the first thing.

                  I don't know whether you realize that it is bad form to rush someone
                  who is trying to help you. Seriously, nobody pays anybody here, and I assume that
                  most of us look in here during breaks from our work and our own activities. So keep
                  that in mind and don't rush everyone, and what's more, you are doing it in all 3
                  threads. Go back to them and see how many people have replied to you, and yet you keep complaining and
                  throwing around silly insults. That's the second thing.

                  I am a woman. That's the third thing.

                  Was that sensible enough????
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:11
                  Well of course I'm glad... because I only came here hoping that
                  someone would help me.. I've had a computer for 5 years now and it has never happened that anyone
                  explained things to me like this... I thought there were experts here and people with a teacherly approach to
                  laymen like me... And you straight away hit me full blast with terms.. that
                  I have no idea about.. I thought you would give me some program to remove
                  this trojan... that's how it always was... and I had no problem... Maybe I should
                  reinstall the system?
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:32
                  I've been at it the whole time... and do you think I'm sitting here with nothing to do but
                  squabble and bicker with you? I want to get rid of this c...p as quickly as possible... and nothing
                  is working for me.... You gave me that Killbox.. but it didn't delete the
                  file for me... first I guess one would have to... patch that "hole" in the system.....
                • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 18:56
                  Logfile of HijackThis v1.99.1
                  Scan saved at 18:57:25, on 2005-07-05
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\System32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\Program Files\RAM Idle\RAMIdle.exe
                  C:\Program Files\Winamp3\winampa.exe
                  C:\PROGRA~1\DAP\DAP.EXE
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Gadu-Gadu\gg.exe
                  C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                  C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                  C:\Program Files\Kalendarz XP\Kalendarz.exe
                  C:\WINDOWS\System32\devldr32.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Outlook Express\msimn.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  www.onet.pl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
                  O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                  Files\DAP\DAPBHO.dll
                  O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                  Files\DAP\DAPIEBar.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                  C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                  Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                  O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                  Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                  Antivirus\CAVTray.exe"
                  O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                  Antivirus\CAVRID.exe"
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                  O4 - HKCU\..\Run: [Skype] "C:\Documents and
                  Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                  O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                  O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                  O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                  \DAP\dapextie2.htm
                  O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                  res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                  C:\PROGRA~1\DAP\DAP.EXE
                  O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                  C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                  C:\WINDOWS\web\related.htm
                  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                  00aa003c157a} - C:\WINDOWS\web\related.htm
                  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                  skaner.mks.com.pl/SkanerOnline.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                  NameServer = 217.30.137.200,217.30.129.149
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                  \Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashMaiSv.exe" /service (file missing)
                  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                  Software\Avast4\ashWebSv.exe" /service (file missing)
                  O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                  C:\WINDOWS\System32\hwclock.exe (file missing)
                  O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                  C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                  • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 05.07.05, 19:25
                    Logfile of HijackThis v1.99.1
                    Scan saved at 19:25:37, on 2005-07-05
                    Platform: Windows XP (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\System32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    C:\Program Files\RAM Idle\RAMIdle.exe
                    C:\Program Files\Winamp3\winampa.exe
                    C:\PROGRA~1\DAP\DAP.EXE
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                    C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                    C:\Program Files\Kalendarz XP\Kalendarz.exe
                    C:\WINDOWS\System32\devldr32.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Outlook Express\msimn.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    www.onet.pl/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                    Files\DAP\DAPBHO.dll
                    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                    Files\DAP\DAPIEBar.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\System32\msdxm.ocx
                    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                    Panel\atiptaxx.exe
                    O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                    Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                    Antivirus\CAVTray.exe"
                    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                    Antivirus\CAVRID.exe"
                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                    AntiSpyware\gcasServ.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                    O4 - HKCU\..\Run: [Skype] "C:\Documents and
                    Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                    O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                    \DAP\dapextie2.htm
                    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                    C:\PROGRA~1\DAP\DAP.EXE
                    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                    C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                    00aa003c157a} - C:\WINDOWS\web\related.htm
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                    NameServer = 217.30.137.200,217.30.129.149
                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                    \Ati2evxx.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashServ.exe
                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                    Software\Avast4\ashWebSv.exe" /service (file missing)
                    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                    C:\WINDOWS\System32\hwclock.exe (file missing)
                    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                      • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 07.07.05, 14:26
                        Were these files removed or not... can someone tell me!????

                        Logfile of HijackThis v1.99.1
                        Scan saved at 14:26:59, on 2005-07-07
                        Platform: Windows XP (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\System32\Ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\RAM Idle\RAMIdle.exe
                        C:\Program Files\Winamp3\winampa.exe
                        C:\PROGRA~1\DAP\DAP.EXE
                        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\Program Files\Gadu-Gadu\gg.exe
                        C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                        C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                        C:\Program Files\Kalendarz XP\Kalendarz.exe
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                        C:\WINDOWS\System32\devldr32.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                        C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
                        C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.onet.pl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                        Files\DAP\DAPBHO.dll
                        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                        Files\DAP\DAPIEBar.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                        C:\WINDOWS\System32\msdxm.ocx
                        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                        Panel\atiptaxx.exe
                        O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                        O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                        Files\CyberLink\PowerDVD\PDVDServ.exe"
                        O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                        Antivirus\CAVTray.exe"
                        O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                        Antivirus\CAVRID.exe"
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                        AntiSpyware\gcasServ.exe"
                        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                        O4 - HKCU\..\Run: [Skype] "C:\Documents and
                        Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                        O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                        O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                        O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                        \DAP\dapextie2.htm
                        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                        C:\PROGRA~1\DAP\DAP.EXE
                        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                        C:\WINDOWS\web\related.htm
                        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                        00aa003c157a} - C:\WINDOWS\web\related.htm
                        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                        skaner.mks.com.pl/SkanerOnline.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                        NameServer = 217.30.137.200,217.30.129.149
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                        \Ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashMaiSv.exe" /service (file missing)
                        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashWebSv.exe" /service (file missing)
                        O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                        C:\WINDOWS\System32\hwclock.exe (file missing)
                        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                        • neder Re: trojan Collected 5.L 07.07.05, 14:55
                          Sławek, don't get worked up... just look at what you were supposed to remove and
                          match it against what you still have in the log... if you can add 2 and 2, it
                          will go quite smoothly for you...
                          • Guest: eliot21 Re: trojan Collected 5.L IP: *.zgora.dialog.net.pl 07.07.05, 15:14
                            I can't remove this file
                            O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                            C:\WINDOWS\System32\hwclock.exe (file missing)
                            or how am I supposed to remove it, and is there anything else I should remove... Because for now I have these
                            trojans in quarantine and Avast isn't beeping that it detected anything.....

                            Logfile of HijackThis v1.99.1
                            Scan saved at 15:13:36, on 2005-07-07
                            Platform: Windows XP (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\System32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashServ.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                            C:\Program Files\RAM Idle\RAMIdle.exe
                            C:\Program Files\Winamp3\winampa.exe
                            C:\PROGRA~1\DAP\DAP.EXE
                            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                            C:\WINDOWS\System32\ctfmon.exe
                            C:\Program Files\Gadu-Gadu\gg.exe
                            C:\Documents and Settings\slawek\Pulpit\Skype\Phone\Skype.exe
                            C:\Program Files\Siemens\Gigaset WLAN Adapter\wlm.exe
                            C:\Program Files\Kalendarz XP\Kalendarz.exe
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                            C:\WINDOWS\System32\devldr32.exe
                            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                            C:\Documents and Settings\slawek\Pulpit\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.onet.pl/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                            O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program
                            Files\DAP\DAPBHO.dll
                            O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
                            Files\DAP\DAPIEBar.dll
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                            C:\WINDOWS\System32\msdxm.ocx
                            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
                            Panel\atiptaxx.exe
                            O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
                            O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                            O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [RemoteControl] "C:\Program
                            Files\CyberLink\PowerDVD\PDVDServ.exe"
                            O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                            Antivirus\CAVTray.exe"
                            O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
                            Antivirus\CAVRID.exe"
                            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                            AntiSpyware\gcasServ.exe"
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                            O4 - HKCU\..\Run: [Skype] "C:\Documents and
                            Settings\slawek\Pulpit\Skype\Phone\Skype.exe" /nosplash /minimized
                            O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
                            O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
                            O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                            O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
                            \DAP\dapextie2.htm
                            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                            C:\PROGRA~1\DAP\DAP.EXE
                            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                            C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                            00aa003c157a} - C:\WINDOWS\web\related.htm
                            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                            skaner.mks.com.pl/SkanerOnline.cab
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{8B24A6FC-6606-4A51-A72A-E5ACDAA274C1}:
                            NameServer = 217.30.137.200,217.30.129.149
                            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
                            \Ati2evxx.exe
                            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashServ.exe
                            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashMaiSv.exe" /service (file missing)
                            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashWebSv.exe" /service (file missing)
                            O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner -
                            C:\WINDOWS\System32\hwclock.exe (file missing)
                            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
