13.07.06, 13:33
Apparently I have this trojan: Trojan-Dropper.Win32.Agent.mc and I have no
idea what to do!!! I don't know anything about this!!!!
    • Guest: Kolobos Re: trojan IP: *.warszawa.sdi.tpnet.pl 13.07.06, 13:35
      Say which file it is in, and paste a HijackThis log (instructions are in
      the pinned post).
      • szakal165 Re: trojan 13.07.06, 13:37
        I have it on drive E:/. I was downloading GIFs from the internet and I have
        a trojan. But I think I have a pirated version of Windows :(
        • szakal165 Re: trojan 13.07.06, 13:45
          Logfile of HijackThis v1.99.1
          Scan saved at 13:44:36, on 2006-07-13
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Ahead\InCD\InCDsrv.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\UAService7.exe
          C:\WINDOWS\SYSTEM32\Ati2evxx.exe
          C:\WINDOWS\system32\WgaTray.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
          C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
          C:\Program Files\Ahead\InCD\InCD.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Program Files\D-Link AirPlus\AirPlus.exe
          C:\Program Files\VIA\RAID\raid_tool.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
          C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Documents and Settings\Martuśka\Pulpit\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.epuls.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
          C:\Program Files\ICQToolbar\toolbaru.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
          Files\Java\jre1.5.0_06\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
          c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
          C:\Program Files\ICQToolbar\toolbaru.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
          files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
          Solution\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
          Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
          \bin\jusched.exe
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
          Classic\avgnt.exe" /min
          O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda platinum 2006
          internet security\firewall\PPFW.EXE
          PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.0
          O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum
          2006 Internet Security\Inicio.exe"
          O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum
          2006 Internet Security\APVXDWIN.EXE" /s
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
          O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --
          confdir=home
          O4 - HKCU\..\Run: [Skype] "C:\Program
          Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O4 - Global Startup: D-Link AirPlus.lnk = ?
          O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
          O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
          O8 - Extra context menu item: &Google Search - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
          Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
          O8 - Extra context menu item: &Translate English Word - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmwordtrans.html
          O8 - Extra context menu item: Backward Links - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmcache.html
          O8 - Extra context menu item: Similar Pages - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Translate Page into English - res://C:\Program
          Files\Google\GoogleToolbar1.dll/cmtrans.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
          www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
          O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
          mks.com.pl/skaner/SkanerOnline.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
          Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
          67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
          Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
          Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
          GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32
          \Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.e
          • Guest: Kolobos Re: trojan IP: *.warszawa.sdi.tpnet.pl 13.07.06, 14:06
            Give the name of the infected file and its location, not "I have it on E:\"!
            Besides, if something is detecting it, why don't you remove it?

            Never install more than one antivirus! Uninstall Panda and Avast and
            keep AntiVir PE.

            The log did not fit in full; paste the rest, starting from:
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.e

            Also scan the system with ewido (you can find it on Google, or there is a
            link in the pinned post).
            • szakal165 Re: trojan 13.07.06, 14:11
              I don't know how to uninstall them!!! Panda has already been deleted, but I
              still can't remove it completely... same with Avast...
          • szakal165 Re: trojan 13.07.06, 14:08
            the rest:

            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32
            \Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.e
            • Guest: Kolobos Re: trojan IP: *.warszawa.sdi.tpnet.pl 13.07.06, 14:18
              That is not the rest, as you can surely see for yourself...

              Your log ends here:
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashMaiSv.e
              So paste what comes after that, not what comes before.

              Use this:
              www.pandasoftware.com/resources/sop/uninst_v1.0.0.2.zip
              and:
              www.avast.com/eng/avast_uninstall_util.html
              • szakal165 Re: trojan 13.07.06, 14:28
                O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
                Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
                Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
                O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
                GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
                O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32
                \Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
                Files\Ahead\InCD\InCDsrv.exe
                O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC
                Austria AG. - C:\WINDOWS\system32\UAService7.exe
    • szakal165 Re: trojan 13.07.06, 14:36
      and some window popped up saying the system will shut down in a moment and
      that I need to save all information!!! help!
    • Guest: proszę o ponowne s Re: trojan IP: *.com / *.internetdsl.tpnet.pl 13.07.06, 17:16
      Logfile of HijackThis v1.99.1
      Scan saved at 14:22:47, on 2006-07-13
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\WINDOWS\SYSTEM32\Ati2evxx.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\D-Link AirPlus\AirPlus.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
      C:\Documents and Settings\Martuśka\Pulpit\uninst_v1.0.0.2\SMCLpav.exe
      C:\Documents and Settings\Martuśka\Pulpit\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.epuls.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
      C:\Program Files\ICQToolbar\toolbaru.dll
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
      Files\ICQToolbar\toolbaru.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
      Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
      Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda platinum 2006
      internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum
      /mod:3 /flg:2 /ver:10.2.0
      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum
      2006 Internet Security\Inicio.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum
      2006 Internet Security\APVXDWIN.EXE" /s
      O4 - HKLM\..\RunOnce: [SMCL BorrarDir] CMD /C RMDIR /S /Q "x"
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
      /minimized
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - Global Startup: D-Link AirPlus.lnk = ?
      O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
      O8 - Extra context menu item: &Google Search - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
      Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
      O8 - Extra context menu item: &Translate English Word - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
      www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
      O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
      mks.com.pl/skaner/SkanerOnline.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
      - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
      67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
      Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
      Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
      GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
      Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC
      Austria AG. - C:\WINDOWS\system32\UAService7.exe
      • Guest: Kolobos Re: trojan IP: *.warszawa.sdi.tpnet.pl 13.07.06, 21:33
        The log is OK.

        As I have already written several times, finally give the name of the infected file.
        Also scan the system with ewido.
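
The two checks applied by eye to the first log in this thread (more than one antivirus installed, log cut off mid-entry), as an added Python example that is not part of the original thread. The marker list and the truncation heuristic are assumptions built only from paths visible in the posted log; the sample is an excerpt of that log with the forum's line wrapping kept.

```python
import re

# Start of a HijackThis entry: section code (R*, F*, N*, O1..O2x) followed by " - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# Assumption: markers taken from paths in this thread's log only, not a
# general antivirus product database.
AV_MARKERS = {
    "Avast": "avast4",
    "AntiVir": "antivir personaledition",
    "Panda": "panda software",
}

# Excerpt of the first posted log, wrapped exactly as the forum wrapped it.
SAMPLE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum
2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.e
"""


def rejoin_entries(text):
    """Undo forum line wrapping; return one string per R/F/N/O entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A wrap inside a path ("\bin\...") or a GUID ("...AAA5-") lost
            # no space; a wrap between words did.
            inside_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if inside_token else " ") + line
    return entries


def installed_antivirus(entries):
    """AV products referenced by autostart (O4) or service (O23) entries."""
    found = set()
    for entry in entries:
        if entry.startswith(("O4 - ", "O23 - ")):
            low = entry.lower()
            found.update(n for n, marker in AV_MARKERS.items() if marker in low)
    return sorted(found)


def looks_truncated(entries):
    """Heuristic: a final O23 entry should end in a complete binary path."""
    if not entries or not entries[-1].startswith("O23 - "):
        return False
    return not re.search(r'\.(?:exe|dll|sys)"?$', entries[-1], re.IGNORECASE)


if __name__ == "__main__":
    log = rejoin_entries(SAMPLE)
    print("antivirus products:", installed_antivirus(log))
    print("truncated:", looks_truncated(log))
```
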
