Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    KOLOBOS- re!!!!!!!!

    IP: .48.213.* / 217.153.194.* 21.03.05, 22:18
    Dzięki że odpisałeś.
    Uruchomiłam w trybie awaryjnym i zeskanowałam komputer. Niestety trojan nie
    został usunięty. Poniżej dołączam log z hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 21:27:31, on 2005-03-21
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\GADU-G~1\gg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\EWA\Ustawienia lokalne\Temporary Internet
    Files\Content.IE5\OBBVAGT1\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*www.yahoo.co
    m/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*www.yahoo.co
    m
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.wp.pl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.co
    m
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F3 - REG:win.ini: load=C:\YDPDict\watch.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    \NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
    Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
    atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
    Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Pobierz wszystko przez Net Transport -
    C:\Program
    Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.
    cab?1102625117489
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) -
    www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
    C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -

    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Z góry dziękuję:-)
    Obserwuj wątek

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin