HJT log analysis
Please analyze this log:
Logfile of HijackThis v1.97.7
Scan saved at 15:09:05, on 2004–12–05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesSymantec AntiVirusDefWatch.exe
C:PROGRA~1NORTON~1NORTON~3GHOSTS~2.EXE
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
C:WINDOWSsystem32 vsvc32.exe
C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesD–Toolsdaemon.exe
C:Program FilesLogitechiTouchiTouch.exe
C:Program FilesMultiResMultiRes.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesNetMeterNetMeter.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesOpera76opera.exe
E: óźneHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
O4 – HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 – HKLM..Run: [DAEMON Tools–1033] "C:Program FilesD–Toolsdaemon.exe" –lang 1045
O4 – HKLM..Run: [zBrowser Launcher] C:Program FilesLogitechiTouchiTouch.exe
O4 – HKLM..Run: [MultiRes] C:Program FilesMultiResMultiRes.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [RivaTunerStartupDaemon] "C:Program FilesRivaTunerRivaTuner.exe" /S
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [C:Program FilesNetMeterNetMeter.exe] C:Program FilesNetMeterNetMeter.exe
O17 – HKLMSystemCCSServicesTcpip..{A6BBDCE4–5A88–4987–8611–39DB57186661}: NameServer = 194.204.152.34 217.98.63.164
Replies: 1
Basically just cosmetics
Fix:
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
Prevention ??