Jak w wielu przypadkach win 32 agent lnk ;(

adrian1234 · 28 Styczeń 2008 11:49

Dzien dobry wszystkim. Moj problem polega na tym, iz nie moge usunac tego trojana, a robi mi baaardzo zle w moim komputerze…widzialem juz kilku ludzi ma tutaj posty o tej tematyce aczkolwiek rady kierowane do nich nie pomagaly mi. Bardzo prosze o pomoc ponizej wklejam swojlog z hijack this z gory dziekuje:

Logfile of HijackThis v1.99.1

Scan saved at 12:48:17, on 2008-01-28

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\PnkBstrB.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\iTunes\tunes\iTunesHelper.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\tunes\iTunesHelper.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

O17 - HKLM\System\CCS\Services\Tcpip…{9B031AB7-7D1E-43A8-AE67-90A1F056F0C5}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

arekmalek · 28 Styczeń 2008 12:23

W logu nic nie widać

adrian1234 · 28 Styczeń 2008 13:47

kiedy ciagle wyskakuje mi informacja o tym trojanie. Dodam ze trojan pokazuje sie dopiero po polaczeniu z internetem wczesniej nic sie nie dzieje

arekmalek · 28 Styczeń 2008 14:25

Podaj ścieżkę do zainfekowanego pliku

EDIT: pobierz WWDC Po użyciu tego narzędzia wymagany jest reset sysa.

i ustaw w nim znaczki na zielono

Gutek · 28 Styczeń 2008 18:11

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350