| Author |
Message
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
 #1
 15 May 2005 14:54 Trojan-1252 |
|
|
|
Witam od wczoraj zago[ciB u mie chyba wirusik czy cos tam podobnego
Przeskanowalem system antywirusem AVAST!4,6 i pokazaB mi sie komunikat
C/Windows/system32/exe
nazwa paso|yta Win32:trojan-1252
niewiem jak go usun na dobre bo zachwile powraca
zwalnia mi komp nie moge otwierac Exploera itd.
I nie moge odBczy poBczenia z internetep
POMOCY 8O
|
|
| Back to top |
|
 |
jankolo
Poziom 26
Joined: 10 Jan 2005
Posts: 28259
Location: ŁódĽ
|
#2
15 May 2005 14:59 Re: Trojan-1252 |
|
|
|
¦ci±gnij sobie hijackthis (www.hihackthis.de), uruchom, zrób log i wklej go na forum. Zobaczymy, co tam masz jeszcze.
|
|
| Back to top |
|
|
Google
|
| #
15 May 2005 14:59 |
|
|
|
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#3
15 May 2005 15:12 Re: Trojan-1252 |
|
|
|
mam [cigneBem i nie wiem jak go zapisa do notatnika |eby go tu przenie[ nieznam jzyków obcych :oops:
Dodano po 2 [minuty]:
Juz wiem chyba oto chodzi
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Isass.exe
C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthisy.zip\HijackThis.exe
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#4
15 May 2005 15:14 Trojan-1252 |
|
|
|
:arrow: Radek102
Uzyj przcisku zmien i wklej CALA zawartosc pliku, a nie tylko poczatek ;-)
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#5
15 May 2005 15:24 Re: Trojan-1252 |
|
|
|
oto chodzi?
StartupList report, 2005-05-15, 15:55:53
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\Katalog tymczasowy 3 dla hijackthisy.zip\HijackThis.EXE
Detected: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Isass.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\Katalog tymczasowy 3 dla hijackthisy.zip\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Default) =
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
Windows Logon Application = C:\WINDOWS\System32\winIogon.exe
Local Security Authority Service = C:\WINDOWS\System32\Isass.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Download Program Files:
[MailCfg Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\mailcfg.ocx
CODEBASE = http://poczta.wp.pl/d105/mailcfg.ocx
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 5 066 bytes
Report generated in 0,070 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#6
15 May 2005 15:32 Trojan-1252 |
|
|
|
:arrow: Radek102
Nie, wklej to co wczesniej tylko cale bo wkleiles tylko sam poczatek.
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#7
15 May 2005 15:46 Re: Trojan-1252 |
|
|
|
Logfile of HijackThis v1.99.1
Scan saved at 16:18:59, on 2005-05-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Isass.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla hijackthisy.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ł±cza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d105/mailcfg.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC44C041-6744-4F0E-8332-23A0F01BF0D5}: NameServer = 195.114.161.61 195.114.181.130
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
|
| Back to top |
|
|
Google
|
| #
15 May 2005 15:55 |
|
|
|
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#9
15 May 2005 16:38 Re: Trojan-1252 |
|
|
|
ZrobiBem tak jak radziBe[ jest ok
Ale z tym wirusem to nie wiem jak go usun
Jesto
C/windows/system32/exe
nazwa pasozyta Win 32:Trojan 1251
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#10
15 May 2005 16:48 Trojan-1252 |
|
|
|
Skoro antyvirus Ci go wykrywa to chyba jest tam opcja usun?
Mozesz go tez usunac killboxem tak jak wczesniej, wklejasz do niego:
C:\Windows\System32.exe
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#11
15 May 2005 17:07 Re: Trojan-1252 |
|
|
|
Chyba jest to samo zawiesil sie i wylaczylo mi kompa : wyskoczyl kwadrat w którym odliczal sie czas od 1 min wdul i sie wylaczyl
pisalo ze system windows musi by uruchomiony ponownie ....
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#13
15 May 2005 18:33 Re: Trojan-1252 |
|
|
|
dziki jestes wielki
mze wiesz dlaczego nie mam polskich liter ale tylko w internecie w wordzie ok
|
|
| Back to top |
|
|
jankolo
Poziom 26
Joined: 10 Jan 2005
Posts: 28259
Location: ŁódĽ
|
#14
15 May 2005 18:37 Re: Trojan-1252 |
|
|
|
| Radek102 wrote: |
| moze wiesz dlaczego nie mam polskich liter ale tylko w internecie w wordzie ok |
Odinstaluj Google Toolbar.
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#15
15 May 2005 18:42 Re: Trojan-1252 |
|
|
|
Jak widzisz pomogło ale jak mam co¶ wyszukiwa masz jak±¶ alternatywe
¶¶¶¶¶¶¶¶¶¶ńńńńńńńńńńńńńńńłłłłłłłłłłłł±±±±±±±±±±±ęęęęęęęęęęę
|
|
| Back to top |
|
|
jankolo
Poziom 26
Joined: 10 Jan 2005
Posts: 28259
Location: ŁódĽ
|
#16
15 May 2005 18:46 Re: Trojan-1252 |
|
|
|
Przyznaję, że niespecjalnie rozumiem, w jaki sposób brak paska uniemożliwia Ci wyszukiwanie informacji. Ja żadnych pasków nie uzywam, wchodzę po prostu na stronę www.google.pl. Przy nieco bardziej wymy¶lnych wyszukiwaniach posługuję się klientem systemu Copernic (www.copernic.com)-polecam.
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#17
15 May 2005 18:54 Trojan-1252 |
|
|
|
Mozna tez sprobowac jeszcze raz zainstalowac pasek google albo np. nakladke na IE AvantBrowser, ktora ma swoj pasek google:
http://www.avantbrowser.com/
|
|
| Back to top |
|
|
Google
|
| #
15 May 2005 18:54 |
|
|
|
|
|
| Back to top |
|
|
Radek102
Poziom 18
Joined: 25 Nov 2004
Posts: 503
Location: ¦wiecie
|
#18
16 May 2005 08:08 Re: Trojan-1252 |
|
|
|
Dzięki za t± wyszukiwarke chodzi ekstra szybciutko
|
|
| Back to top |
|
|
